General
Target: 11321ac0248e18ce890b2e4ab650c336_JaffaCakes118
Size: 1.2MB
Sample: 240626-jc4fkssgjd
MD5: 11321ac0248e18ce890b2e4ab650c336
SHA1: 2f0f1e188944a5a217678cee17b59733663d1c69
SHA256: 48ce8d3a5533851e4e8a1f172746b8d08b5543262e933cc72487c39fb7db8d7a
SHA512: 4f3cc4d7439480be13500f852cfad3ebcdd9eace14f3a930f451ff640f3f50dff6fd24f1eba98fe2811426ec71416067c6789da9424c4919c27f50f431cb7074
SSDEEP: 24576:Kh+EpSGP3ZEgRhuRKOODz6HY1SC9s6WcREFydry9uPHxyAo5/:Ya+P6HpcTdn5g5
Static task: static1
Behavioral task: behavioral1
Sample: 11321ac0248e18ce890b2e4ab650c336_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted
sality
Targets
-
Modifies firewall policy service
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 4
    Disable or Modify System Firewall: 1
    Disable or Modify Tools: 3
  Modify Registry: 5