General
-
Target
00126939ef0420be5b13c77db024c872_JaffaCakes118
-
Size
513KB
-
Sample
240619-xpdbtaxcpa
-
MD5
00126939ef0420be5b13c77db024c872
-
SHA1
83cb1d7d4eeb2d051d5ff968263e14a4f80cd4c7
-
SHA256
82d738b05f196aeb7e51ea78dea500450355682e607ca804097cbd40b2963682
-
SHA512
1ba8e29455e6f1b0a22ffa5b0aefa1cefcd45af8deb0eed1d2a3fde1ea479d32e6ae3b3ab16b6ecb5742f901443dceaa1718ae77fa4152578aed0a582aabb6c0
-
SSDEEP
384:TidD9d6GAW6AEiDlIgtapacv5nfHD7Aw/j+vREC5CsDanPzxTzYqiXb:G+DWlZN65/D7Z+vAsDWxTkqK
Static task
static1
Behavioral task
behavioral1
Sample
00126939ef0420be5b13c77db024c872_JaffaCakes118.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
00126939ef0420be5b13c77db024c872_JaffaCakes118.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
00126939ef0420be5b13c77db024c872_JaffaCakes118
-
Size
513KB
-
MD5
00126939ef0420be5b13c77db024c872
-
SHA1
83cb1d7d4eeb2d051d5ff968263e14a4f80cd4c7
-
SHA256
82d738b05f196aeb7e51ea78dea500450355682e607ca804097cbd40b2963682
-
SHA512
1ba8e29455e6f1b0a22ffa5b0aefa1cefcd45af8deb0eed1d2a3fde1ea479d32e6ae3b3ab16b6ecb5742f901443dceaa1718ae77fa4152578aed0a582aabb6c0
-
SSDEEP
384:TidD9d6GAW6AEiDlIgtapacv5nfHD7Aw/j+vREC5CsDanPzxTzYqiXb:G+DWlZN65/D7Z+vAsDWxTkqK
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1