General

  • Target

    000d440b446357bb1a256aa5d500717a_JaffaCakes118

  • Size

    23KB

  • Sample

    240619-xkswps1gjp

  • MD5

    000d440b446357bb1a256aa5d500717a

  • SHA1

    8b10ffd70478ef0c368cdf7ec819a4611006f6b6

  • SHA256

    a01648af929ae0de24b76f2233ffed42cddd81ba4849308df26ddb2bbec637fd

  • SHA512

    4cd893b880e85874741147e86f7ebb5f472217913fa8b230b48ba3decb629bbe60528795ca43f86ae5bf28f120b256dd930d0c9042b14f2596e57960feca7ff4

  • SSDEEP

    384:rPyZNjtU2mWoJnKZltinOf1oTnahNuTWjPMrzxNDeFk:zyZnHTNo2NmGPOxNDkk

Targets

    • Target

      000d440b446357bb1a256aa5d500717a_JaffaCakes118

    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
