General
-
Target
0e203b44a2c5c64eb52a71e078aeabd2_JaffaCakes118
-
Size
560KB
-
Sample
240625-py6qqatdlj
-
MD5
0e203b44a2c5c64eb52a71e078aeabd2
-
SHA1
018ffd44cf8eb8051107fbfd7e8d4ec43e01c2ca
-
SHA256
5045fd8f1d16a64c86ec1afc9d7e5657c976058edf71012c00dc4b686ff12a84
-
SHA512
c16a08810e1c8b3933633d5350d8501c5793634c5140e1ed25a39843999fbfc304978a4e28c12ed4f52e826f55b29fa1aafdeffb0e88fde99698eb7f25f11b72
-
SSDEEP
12288:xCohgvf3psV6FrpjVSxALPKjApgJGzR93ge+k51Fsv:MGsZjjs6LPBSJGzR+e5I
Static task
static1
Behavioral task
behavioral1
Sample
0e203b44a2c5c64eb52a71e078aeabd2_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
0e203b44a2c5c64eb52a71e078aeabd2_JaffaCakes118
-
Size
560KB
-
MD5
0e203b44a2c5c64eb52a71e078aeabd2
-
SHA1
018ffd44cf8eb8051107fbfd7e8d4ec43e01c2ca
-
SHA256
5045fd8f1d16a64c86ec1afc9d7e5657c976058edf71012c00dc4b686ff12a84
-
SHA512
c16a08810e1c8b3933633d5350d8501c5793634c5140e1ed25a39843999fbfc304978a4e28c12ed4f52e826f55b29fa1aafdeffb0e88fde99698eb7f25f11b72
-
SSDEEP
12288:xCohgvf3psV6FrpjVSxALPKjApgJGzR93ge+k51Fsv:MGsZjjs6LPBSJGzR+e5I
-
Modifies firewall policy service
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1