General
-
Target
000ed5008ef217f55825dc1403723113_JaffaCakes118
-
Size
20KB
-
Sample
240619-xl19gaxbne
-
MD5
000ed5008ef217f55825dc1403723113
-
SHA1
e034a16d64f6747cd65a05722a6c35d9f2c49fcc
-
SHA256
9eff2335c2f4eebd7cfd8b70db5b26d220b4e8d4d717f639d230d9808a259e76
-
SHA512
897d8a5b1c8ebfc57a4327db16aa119d8fde5ebceb2a6a40664443ac573cac4b029d621b75396a009fbd4c18ad92501b1677db46dda152a5474a48e0e88a0321
-
SSDEEP
384:P9PyZNjtU2mvIGj0l724Zt2e9VojU2bzEFd++UX:PVyZupMP/EPEFd+f
Static task
static1
Behavioral task
behavioral1
Sample
000ed5008ef217f55825dc1403723113_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
000ed5008ef217f55825dc1403723113_JaffaCakes118.dll
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
000ed5008ef217f55825dc1403723113_JaffaCakes118
-
Size
20KB
-
MD5
000ed5008ef217f55825dc1403723113
-
SHA1
e034a16d64f6747cd65a05722a6c35d9f2c49fcc
-
SHA256
9eff2335c2f4eebd7cfd8b70db5b26d220b4e8d4d717f639d230d9808a259e76
-
SHA512
897d8a5b1c8ebfc57a4327db16aa119d8fde5ebceb2a6a40664443ac573cac4b029d621b75396a009fbd4c18ad92501b1677db46dda152a5474a48e0e88a0321
-
SSDEEP
384:P9PyZNjtU2mvIGj0l724Zt2e9VojU2bzEFd++UX:PVyZupMP/EPEFd+f
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1