General
-
Target
000f00ec0f7a61c6728cfc71a2ae4163_JaffaCakes118
-
Size
22KB
-
Sample
240619-xl6h7a1gpj
-
MD5
000f00ec0f7a61c6728cfc71a2ae4163
-
SHA1
16ecc4b4d360b98114ca7d2fb9158047e04f162d
-
SHA256
5dbf3d8894bce96d559016b910bcbf7b5099e97e666856c9f84a90cd46696f36
-
SHA512
5d1225238c6f81a4b882843ff07865f799eabd4b880d44e08412598a3271bde654febd826ee1b8bbf5451fb9d988e7bd5c572615a0aeb5fa0cc16e6bd857f841
-
SSDEEP
384:9yVlNjtU2etUARTXE92hJ+uZq3HlMz7EF3UjQY3clpzx/yUObzt80:AVl7aU6J+uZqXE7/QY3ax/yD20
Static task
static1
Behavioral task
behavioral1
Sample
000f00ec0f7a61c6728cfc71a2ae4163_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
000f00ec0f7a61c6728cfc71a2ae4163_JaffaCakes118.dll
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
000f00ec0f7a61c6728cfc71a2ae4163_JaffaCakes118
Score
10/10
-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process 1
Windows Service 1
Event Triggered Execution 1
AppInit DLLs 1
Privilege Escalation
Create or Modify System Process 1
Windows Service 1
Event Triggered Execution 1
AppInit DLLs 1