General
-
Target
0b169eed395ae0f9b901087fbc46b3a3_JaffaCakes118
-
Size
644KB
-
Sample
240624-2vakbszbpp
-
MD5
0b169eed395ae0f9b901087fbc46b3a3
-
SHA1
1b7ed00203c099444757f625961233463f76c5d7
-
SHA256
8b4a1864b615c35824329f99e903706498280a90b929745ec3e172824c4e864e
-
SHA512
f0151d834533c6069a47e9b2ab6acf73bd29fdaa7f1c83b5b4ce160265851c4c166db1d4bd3a889ea98294b5bb0e303b839f20c571cc2730504aa719344183a9
-
SSDEEP
12288:EdXX82xnVCIZ+UvJ+P1dqWr4K1hKQTyV+v9tJ84HHHHHHHHHHHHHHHHHHHHHHHHD:H2xnVLZ+Uh+P1kg4KdyI9tDHHHHHHHHD
Malware Config
Targets
-
-
Target
0b169eed395ae0f9b901087fbc46b3a3_JaffaCakes118
-
Size
644KB
-
MD5
0b169eed395ae0f9b901087fbc46b3a3
-
SHA1
1b7ed00203c099444757f625961233463f76c5d7
-
SHA256
8b4a1864b615c35824329f99e903706498280a90b929745ec3e172824c4e864e
-
SHA512
f0151d834533c6069a47e9b2ab6acf73bd29fdaa7f1c83b5b4ce160265851c4c166db1d4bd3a889ea98294b5bb0e303b839f20c571cc2730504aa719344183a9
-
SSDEEP
12288:EdXX82xnVCIZ+UvJ+P1dqWr4K1hKQTyV+v9tJ84HHHHHHHHHHHHHHHHHHHHHHHHD:H2xnVLZ+Uh+P1kg4KdyI9tDHHHHHHHHD
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1