General

  • Target

    0013f3a50c0117916bcf68542915a6b6_JaffaCakes118

  • Size

    512KB

  • Sample

    240619-xp8sqaxdkg

  • MD5

    0013f3a50c0117916bcf68542915a6b6

  • SHA1

    f8dde955d1a03a602e3c80eaaa96ede1e7269322

  • SHA256

    16ca55e87cb057261659efaf578ba4eb72a2fb6f1dac118f98d399838f7e58b4

  • SHA512

    b2fd07da2f67915a49f1f561982e2028490a286c71132f8bb822bfb45944b344e073240e721ff37416ac2f15b1d23f7f629331a44a262970e304695649767345

  • SSDEEP

    384:7PyZNjtU2m254MizuPaRbIQZW+31sid2yRjlvcEMqUzotgGZLJzUT:jyZLTWDdZWkH2KlvqHotggLJM

Malware Config

Targets


    • Modifies firewall policy service

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks