General
Target: 432959d317a328f60449693bb2bec903_JaffaCakes118
Size: 1.3MB
Sample: 240713-ywnxkaxfmc
MD5: 432959d317a328f60449693bb2bec903
SHA1: 2c96f7fd387057b9dcba8ce5aa6d78095347d749
SHA256: 701729262b268f9ad364f27b7ef3280287bb26b7e4387516cb52e60620a6fb50
SHA512: 21695e4e624e6d241580c7da6680770c425b82b31c8ea50a6b6773000fbdc3cce25018bb4117cd74a95389fc8b91e6f51d2690b1856e86626ac9a4268645f2b0
SSDEEP: 24576:echK1soaVJMKbtbGAZKzxa5lCyQIzeIZuTOTknxIZt8ZFcadj0Wl:ecoKWKbtf1WIzeBTOAkwFcT
Static task: static1
Behavioral task: behavioral1
Sample: 432959d317a328f60449693bb2bec903_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 432959d317a328f60449693bb2bec903_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 432959d317a328f60449693bb2bec903_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Modifies firewall policy service
Modifies Windows Firewall
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
  Registry Run Keys / Startup Folder: 1
  Winlogon Helper DLL: 1
Create or Modify System Process: 2
  Windows Service: 2
Event Triggered Execution: 1
  Netsh Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
  Registry Run Keys / Startup Folder: 1
  Winlogon Helper DLL: 1
Create or Modify System Process: 2
  Windows Service: 2
Event Triggered Execution: 1
  Netsh Helper DLL: 1