General
-
Target
369d073d186c39411c85efbf2a31fd98_JaffaCakes118
-
Size
20KB
-
Sample
240710-16nqnashpk
-
MD5
369d073d186c39411c85efbf2a31fd98
-
SHA1
f5ebd330ba0957885eb88bf237eba9533f163986
-
SHA256
654d8c8885cea5548ba81405f31bfa44fc9affb35799cc798134bbc3f7e45dc9
-
SHA512
1efa48941550579961104b4b031f6be76572fde65e8964d7e579c20a75cdc2ea1c435e98ba6a4f0171bd6ef7a1d7d386674593779d39780b23408f0a44cee6b6
-
SSDEEP
384:TPyZNjtU2mW5j4ygqHdyVi/9NC4h8jZ7oGjjz1iu1Wn:byZ71gGm69U4wZ7oWf1iu8
Static task
static1
Behavioral task
behavioral1
Sample
369d073d186c39411c85efbf2a31fd98_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
369d073d186c39411c85efbf2a31fd98_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
369d073d186c39411c85efbf2a31fd98_JaffaCakes118
-
Score
10/10
-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
AppInit DLLs (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
AppInit DLLs (1)