General
Target
0ed61856140cc9026e46294169f1997a_JaffaCakes118
Size
146KB
Sample
240625-vfr3havbmn
MD5
0ed61856140cc9026e46294169f1997a
SHA1
9a7cfc4ef8d28b394236b5398d0ea7cd424dc5f4
SHA256
0341dd1d7c4dc0a8c074e297f7a709b301849da3b51e36b2101225f05d880b98
SHA512
cf5616df30139256da16f6c8a95b9d7033c285c740f94bb674262b54b9c091ec6ad98c680785567c556e9ce5273b73303453b12b9a7b9fd19a59a4213a21a125
SSDEEP
3072:W8DTOWuhe69/Xwwb5RUUgJ/HbCwnVInCP9E9s6M1lQSN8/Y9lStL0P+RHy:WFW769vwwb5aUg591E2/Qs8/umsN
Static task
static1
Behavioral task
behavioral1
Sample
0ed61856140cc9026e46294169f1997a_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
sality
Targets
Modifies firewall policy service
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)