General
Target: 001454d359a6780b02bf410dbe022051_JaffaCakes118
Size: 22KB
Sample: 240619-xqj6rasakr
MD5: 001454d359a6780b02bf410dbe022051
SHA1: 6364817d34dddb3be31cc33a6ad2f0ee70083743
SHA256: 438d349a0f98605436331bbade00599f7dd56dc650480d03dfab9f8366c567ca
SHA512: f796c9599c101344134a31ad33482dcbb4995fb1c8c1671e7914803d1d3ad1e81793d3dbe0d37390f264bec343cd4d7771f7f9e48c1c93832d7b6de41543c5ef
SSDEEP: 384:XPyZNjtU2mPgALW8p76GHpTe14M/jcFdhzxZK9dkGm7:fyZWrWE60U4ScFdlxZK4b7
Static task: static1
Behavioral task: behavioral1
Sample: 001454d359a6780b02bf410dbe022051_JaffaCakes118.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 001454d359a6780b02bf410dbe022051_JaffaCakes118.dll
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 001454d359a6780b02bf410dbe022051_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    AppInit DLLs: 1
Privilege Escalation
  Create or Modify System Process: 1
    Windows Service: 1
  Event Triggered Execution: 1
    AppInit DLLs: 1