General
-
Target
0013f3a50c0117916bcf68542915a6b6_JaffaCakes118
-
Size
512KB
-
Sample
240619-xp8sqaxdkg
-
MD5
0013f3a50c0117916bcf68542915a6b6
-
SHA1
f8dde955d1a03a602e3c80eaaa96ede1e7269322
-
SHA256
16ca55e87cb057261659efaf578ba4eb72a2fb6f1dac118f98d399838f7e58b4
-
SHA512
b2fd07da2f67915a49f1f561982e2028490a286c71132f8bb822bfb45944b344e073240e721ff37416ac2f15b1d23f7f629331a44a262970e304695649767345
-
SSDEEP
384:7PyZNjtU2m254MizuPaRbIQZW+31sid2yRjlvcEMqUzotgGZLJzUT:jyZLTWDdZWkH2KlvqHotggLJM
Static task
static1
Behavioral task
behavioral1
Sample
0013f3a50c0117916bcf68542915a6b6_JaffaCakes118.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
0013f3a50c0117916bcf68542915a6b6_JaffaCakes118.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
0013f3a50c0117916bcf68542915a6b6_JaffaCakes118
-
Size
512KB
-
MD5
0013f3a50c0117916bcf68542915a6b6
-
SHA1
f8dde955d1a03a602e3c80eaaa96ede1e7269322
-
SHA256
16ca55e87cb057261659efaf578ba4eb72a2fb6f1dac118f98d399838f7e58b4
-
SHA512
b2fd07da2f67915a49f1f561982e2028490a286c71132f8bb822bfb45944b344e073240e721ff37416ac2f15b1d23f7f629331a44a262970e304695649767345
-
SSDEEP
384:7PyZNjtU2m254MizuPaRbIQZW+31sid2yRjlvcEMqUzotgGZLJzUT:jyZLTWDdZWkH2KlvqHotggLJM
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1