General

Target: 8842e9bc815ee5ea94bb20bc744dce2d_JaffaCakes118
Size: 219KB
Sample: 240811-aml5lszepe
MD5: 8842e9bc815ee5ea94bb20bc744dce2d
SHA1: efd18e92bab563e8d15161b17c56e5369a033702
SHA256: a11b48deb62eaa541ecdf4155f015cc723f82cc35baf1bd8fea60a30688b9f1e
SHA512: ca74be2373b630dee5726b7918de311161085c736b784862bde45d285b42bbfe69dfb4f99a596d58af28b6532ce6ff157d4b33f647bd6d2e08d819ece153dc23
SSDEEP: 3072:vTnPOjh9u5j+kQiLynM0qm2etDI2nLLEN7Uv9pDNxDSHfv7qsDqdJqW:vrPOjDu5Kk2M0LEivDNRSHHZ
Static task: static1

Behavioral task: behavioral1
  Sample: 8842e9bc815ee5ea94bb20bc744dce2d_JaffaCakes118.exe
  Resource: win7-20240729-en

Behavioral task: behavioral2
  Sample: 8842e9bc815ee5ea94bb20bc744dce2d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config

Targets

Target: 8842e9bc815ee5ea94bb20bc744dce2d_JaffaCakes118
Size: 219KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
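As an added example (not part of the sandbox report, and not the sample's own code), the script below hunts a Windows registry export (.reg) for the kinds of registry change the signatures above describe: an Active Setup StubPath, Run and policy Run keys, and edits to the SharedAccess firewall policy (the firewall kill switch and per-application exceptions). The .reg text, the GUID and the file paths in it are constructed for the demonstration and are not artefacts recovered from this sample; the key locations it checks are the standard Windows ones for these techniques.

```python
"""Hunt a Windows registry export (.reg) for the persistence and firewall
changes flagged in the report: Active Setup StubPath, Run / policy Run keys
and SharedAccess firewall policy edits.  Added example; the .reg text below
is constructed and is not taken from the analysed sample."""
import re
from dataclasses import dataclass

# Constructed registry export for demonstration (hypothetical GUID and paths).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Users\\Public\\svchost.exe"
"Version"="1,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"
"Updater"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"1"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Users\\Public\\svchost.exe"="C:\\Users\\Public\\svchost.exe:*:Enabled:svchost"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
# Directory fragments an unprivileged user can normally write to.
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\temp\\', '\\appdata\\')


@dataclass
class Finding:
    category: str
    key: str
    name: str
    value: str
    user_writable: bool


def decode_value(raw: str):
    """Decode a .reg value literal: quoted strings (\\\\ and \\" escapes) and dword:."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    return raw  # hex(...) binary blobs and other types are returned as written


def parse_reg(text: str):
    """Yield (key_path, value_name, decoded_value) for every value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            name = m.group(1) if m.group(1) is not None else '(Default)'
            yield key, name.replace('\\\\', '\\'), decode_value(m.group(2))


def is_user_writable(value) -> bool:
    return isinstance(value, str) and any(p in value.lower() for p in USER_WRITABLE)


def hunt(text: str):
    """Return findings for the registry locations the report's signatures cover."""
    findings = []
    for key, name, value in parse_reg(text):
        k, n = key.lower(), name.lower()
        cat = None
        if '\\active setup\\installed components\\' in k and n == 'stubpath':
            cat = 'active_setup'                       # Active Setup StubPath
        elif k.endswith('\\currentversion\\run') or k.endswith('\\currentversion\\runonce'):
            cat = 'run_key'                            # classic Run / RunOnce key
        elif '\\policies\\explorer\\run' in k:
            cat = 'policy_run_key'                     # policy Run key
        elif '\\firewallpolicy\\' in k and n == 'enablefirewall' and value == 0:
            cat = 'firewall_disabled'                  # profile firewall switched off
        elif '\\firewallpolicy\\' in k and k.endswith('\\authorizedapplications\\list'):
            cat = 'firewall_exception'                 # per-application exception
        if cat:
            findings.append(Finding(cat, key, name, str(value), is_user_writable(value)))
    return findings


if __name__ == '__main__':
    for f in hunt(SAMPLE_REG):
        flag = ' [user-writable path]' if f.user_writable else ''
        print(f'{f.category:18} {f.key}\\{f.name} = {f.value}{flag}')
```

Export the relevant hives from a suspect host with `reg export` (or from an offline hive) and feed the text to `hunt()`; entries whose target path sits under a user-writable directory are the ones to pull first, since legitimate autostart and firewall exceptions almost always point into Program Files or the Windows directory. The decoder covers quoted strings and dword values, which is all these locations use; `hex(...)` binary blobs are passed through untouched.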
MITRE ATT&CK Enterprise v15 (match count in parentheses)

Persistence
  Boot or Logon Autostart Execution, T1547 (3)
    Active Setup, T1547.014 (1)
    Registry Run Keys / Startup Folder, T1547.001 (2)
  Create or Modify System Process, T1543 (1)
    Windows Service, T1543.003 (1)

Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (3)
    Active Setup, T1547.014 (1)
    Registry Run Keys / Startup Folder, T1547.001 (2)
  Create or Modify System Process, T1543 (1)
    Windows Service, T1543.003 (1)

Defense Evasion
  Impair Defenses, T1562 (1)
    Disable or Modify System Firewall, T1562.004 (1)
  Modify Registry, T1112 (5)