General
-
Target
1b3af86b1ae25ab02667a5f3bd77edff_JaffaCakes118
-
Size
2.6MB
-
Sample
240701-n8l9dstfml
-
MD5
1b3af86b1ae25ab02667a5f3bd77edff
-
SHA1
0868c657fbe5d76cc45a8973a15691e1fec4f15d
-
SHA256
97203ccd17b5d62b4b087dc84ea8e9624d8910db4fefe95ebf4c27b207511bb1
-
SHA512
f6fc7b79357663d70f323dfaf8137fea3b83157a997c8af74b7487af736511229f83469f304af9fc21a0b06eb3cf5568ba1b1a114ec9f7608a4e9a5a92462429
-
SSDEEP
49152:xAuM/1NsdWiLAhzTaoPUx8U/ybAXkrTf67Pkfhmrwrr/rpzP:xABYdYnPYBybNrTf6bkfhMKrpT
Malware Config
Targets
-
-
Target
1b3af86b1ae25ab02667a5f3bd77edff_JaffaCakes118
-
Size
2.6MB
-
MD5
1b3af86b1ae25ab02667a5f3bd77edff
-
SHA1
0868c657fbe5d76cc45a8973a15691e1fec4f15d
-
SHA256
97203ccd17b5d62b4b087dc84ea8e9624d8910db4fefe95ebf4c27b207511bb1
-
SHA512
f6fc7b79357663d70f323dfaf8137fea3b83157a997c8af74b7487af736511229f83469f304af9fc21a0b06eb3cf5568ba1b1a114ec9f7608a4e9a5a92462429
-
SSDEEP
49152:xAuM/1NsdWiLAhzTaoPUx8U/ybAXkrTf67Pkfhmrwrr/rpzP:xABYdYnPYBybNrTf6bkfhMKrpT
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1