General
Target: 1559e297a8fb574ac5a5e7e2ab7f6573_JaffaCakes118
Size: 1.1MB
Sample: 240627-kjg2lavcnp
MD5: 1559e297a8fb574ac5a5e7e2ab7f6573
SHA1: edd8e20d4b93296037307be37fa275ad4e6b1c6c
SHA256: b628377c2255a584e5b588c797380e1f999a1bfc2fdc7510b30832e4b0b2603d
SHA512: a08eb64a6abd39c42df7ff9892f02457a83eba39a7b15459a5505927aa5e1541b1b50994d7e534815f9719fa7cea0ac00a65a1697628991d02f88c780036942a
SSDEEP: 24576:AL/nMCdVst6y0SznBJ5UDnF0Nm8IzBN6YZcurrdDT/U9O1:U/n+6L0J5O6NkSRIdU9
Static task: static1
Behavioral task: behavioral1
Sample: 1559e297a8fb574ac5a5e7e2ab7f6573_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 1559e297a8fb574ac5a5e7e2ab7f6573_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Score: 10/10
Modifies firewall policy service
Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
Modifies Windows Firewall
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process: 2
    Windows Service: 2
  Event Triggered Execution: 2
    AppInit DLLs: 1
    Netsh Helper DLL: 1
Privilege Escalation
  Create or Modify System Process: 2
    Windows Service: 2
  Event Triggered Execution: 2
    AppInit DLLs: 1
    Netsh Helper DLL: 1