General
-
Target
4084f9e3eaed4b1fc8a42483f2bd5d90_JaffaCakes118
-
Size
993KB
-
Sample
240713-g3x1dayhrl
-
MD5
4084f9e3eaed4b1fc8a42483f2bd5d90
-
SHA1
a55629e54240adcdab210c16c6210353e025f586
-
SHA256
c24f77ea2979cf9cfa31ccecaa98b94522699ebb384696fe2f0ce6597740f802
-
SHA512
5502bdc5b143f1b538a1f3d87dbe6d3de43b3bf67d2c4369b478f3df721225a0f590b45a9bf49fdd4159d4e6dcab8516956256b5c131dc7bb4ea7e74a3963b0c
-
SSDEEP
24576:xJanfzvORry1Thk07+GlieTy2+ShfXeYuheSA:eaRmJh71l1TfdS
Malware Config
Targets
-
-
Target
4084f9e3eaed4b1fc8a42483f2bd5d90_JaffaCakes118
-
Size
993KB
-
MD5
4084f9e3eaed4b1fc8a42483f2bd5d90
-
SHA1
a55629e54240adcdab210c16c6210353e025f586
-
SHA256
c24f77ea2979cf9cfa31ccecaa98b94522699ebb384696fe2f0ce6597740f802
-
SHA512
5502bdc5b143f1b538a1f3d87dbe6d3de43b3bf67d2c4369b478f3df721225a0f590b45a9bf49fdd4159d4e6dcab8516956256b5c131dc7bb4ea7e74a3963b0c
-
SSDEEP
24576:xJanfzvORry1Thk07+GlieTy2+ShfXeYuheSA:eaRmJh71l1TfdS
Score8/10-
Modifies Windows Firewall
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1