General
-
Target
000d178b4b70a2335558198a89516047_JaffaCakes118
-
Size
512KB
-
Sample
240619-xkpt2s1gjk
-
MD5
000d178b4b70a2335558198a89516047
-
SHA1
9e1028c7d178d8e70230b5e3fd0cbd22c1c0810d
-
SHA256
0fbd86acfeee378a67c93a5532bfee16a4633f1fa28751ec5d6689c7ed12a5bc
-
SHA512
3a39066d9ebb279d1d58b6db77935cc458d91221cd3b6d6db537a4225108d622fc289f459c5eb46fa74bc680cac6197ce47dee8175c0f20f00496444d45b700d
-
SSDEEP
384:gPyZNjtU2mW4MLfyHzyGxZQVAec0Sjh7IUEgKGasKzEIgs6pP3:wyZHT2nqVV8h7I7G8EIgjZ
Static task
static1
Behavioral task
behavioral1
Sample
000d178b4b70a2335558198a89516047_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
000d178b4b70a2335558198a89516047_JaffaCakes118.dll
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
000d178b4b70a2335558198a89516047_JaffaCakes118
-
Size
512KB
-
MD5
000d178b4b70a2335558198a89516047
-
SHA1
9e1028c7d178d8e70230b5e3fd0cbd22c1c0810d
-
SHA256
0fbd86acfeee378a67c93a5532bfee16a4633f1fa28751ec5d6689c7ed12a5bc
-
SHA512
3a39066d9ebb279d1d58b6db77935cc458d91221cd3b6d6db537a4225108d622fc289f459c5eb46fa74bc680cac6197ce47dee8175c0f20f00496444d45b700d
-
SSDEEP
384:gPyZNjtU2mW4MLfyHzyGxZQVAec0Sjh7IUEgKGasKzEIgs6pP3:wyZHT2nqVV8h7I7G8EIgjZ
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1