General
-
Target
003b918e0ad1e30e6a5ba6fba30f0c70_JaffaCakes118
-
Size
21KB
-
Sample
240619-yn95tsygnf
-
MD5
003b918e0ad1e30e6a5ba6fba30f0c70
-
SHA1
bfb3b4f64bc69f792877dc8e4a95913720518700
-
SHA256
b517fa31381d40b39248488bdc4d11a06980ecd1bac513691d517c01d913e535
-
SHA512
502b6be1b4a98109d20a8cd915dcf428912e5dc739a41fb724655c12573bca29db094b3a4e389babbd76719c0d87ba2634d9e13c6220131f458bbea77cc6db6a
-
SSDEEP
384:gPyZNjtU2m/QBrDZnxuoZYoeF9qWijJ7T+zEN9sowqK:wyZmyd7IsRuENK73
Malware Config
Targets
-
-
Target
003b918e0ad1e30e6a5ba6fba30f0c70_JaffaCakes118
-
Size
21KB
-
MD5
003b918e0ad1e30e6a5ba6fba30f0c70
-
SHA1
bfb3b4f64bc69f792877dc8e4a95913720518700
-
SHA256
b517fa31381d40b39248488bdc4d11a06980ecd1bac513691d517c01d913e535
-
SHA512
502b6be1b4a98109d20a8cd915dcf428912e5dc739a41fb724655c12573bca29db094b3a4e389babbd76719c0d87ba2634d9e13c6220131f458bbea77cc6db6a
-
SSDEEP
384:gPyZNjtU2m/QBrDZnxuoZYoeF9qWijJ7T+zEN9sowqK:wyZmyd7IsRuENK73
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1