General
-
Target
0019b870188b3bad7384c6d02a54060d_JaffaCakes118
-
Size
21KB
-
Sample
240619-xs2htaxend
-
MD5
0019b870188b3bad7384c6d02a54060d
-
SHA1
45a3726ffbf83bd5149c6c4e372e8e75c36f8435
-
SHA256
ce3c2a2dd4571ede663b78fb7e173c020e3d2396e1ba6ca6e9fe0edf2bcb6557
-
SHA512
021df9983722d615a7721e2bb5c6d6d99c277c2cc6ef4b657b687cc848c0b4a5a60b82ff4ce845defe01489f047823af48b0a72a071a236698876ee8228f6344
-
SSDEEP
384:5yVlNjtU2eGg45LsS1dmIBbEhFL8TLcQOT6M57c32MgzEZuXbyjZ:MVlmilJtcJTS32REZuE
Malware Config
Targets
-
-
Target
0019b870188b3bad7384c6d02a54060d_JaffaCakes118
-
Size
21KB
-
MD5
0019b870188b3bad7384c6d02a54060d
-
SHA1
45a3726ffbf83bd5149c6c4e372e8e75c36f8435
-
SHA256
ce3c2a2dd4571ede663b78fb7e173c020e3d2396e1ba6ca6e9fe0edf2bcb6557
-
SHA512
021df9983722d615a7721e2bb5c6d6d99c277c2cc6ef4b657b687cc848c0b4a5a60b82ff4ce845defe01489f047823af48b0a72a071a236698876ee8228f6344
-
SSDEEP
384:5yVlNjtU2eGg45LsS1dmIBbEhFL8TLcQOT6M57c32MgzEZuXbyjZ:MVlmilJtcJTS32REZuE
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1