General
-
Target
000f750b86d4cb2485323f4b4b825604_JaffaCakes118
-
Size
512KB
-
Sample
240619-xmd6bsxbpg
-
MD5
000f750b86d4cb2485323f4b4b825604
-
SHA1
22be047dc6ce2e63409bf1be9d68d386de17c0fb
-
SHA256
e056a8f30fcf77a077aa33186eba104c805b62e5e7ff2fc2d74f8a48f41a62ff
-
SHA512
d93a06efad02c0ee5671dbb980fd127c5d644a464ce0eb526255dc29a7c6521ef700b771d318a19c174a7f28d2ba014be7b4c46a7f222a7bb1c93e603e50d659
-
SSDEEP
384:gPyZNjtU2myEgkfb3yHv37ofyAbtAiVFv1rj868uPkEab5zXtxAAMSjJh:wyZeDfuEfptRFX8FuPAhXtxxMS7
Static task
static1
Behavioral task
behavioral1
Sample
000f750b86d4cb2485323f4b4b825604_JaffaCakes118.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
000f750b86d4cb2485323f4b4b825604_JaffaCakes118.dll
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
000f750b86d4cb2485323f4b4b825604_JaffaCakes118
-
Size
512KB
-
MD5
000f750b86d4cb2485323f4b4b825604
-
SHA1
22be047dc6ce2e63409bf1be9d68d386de17c0fb
-
SHA256
e056a8f30fcf77a077aa33186eba104c805b62e5e7ff2fc2d74f8a48f41a62ff
-
SHA512
d93a06efad02c0ee5671dbb980fd127c5d644a464ce0eb526255dc29a7c6521ef700b771d318a19c174a7f28d2ba014be7b4c46a7f222a7bb1c93e603e50d659
-
SSDEEP
384:gPyZNjtU2myEgkfb3yHv37ofyAbtAiVFv1rj868uPkEab5zXtxAAMSjJh:wyZeDfuEfptRFX8FuPAhXtxxMS7
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1