General
Target: 8c9ee2556eb31f2b7608c54b335f5e39_JaffaCakes118
Size: 139KB
Sample: 240812-axr4ls1eke
MD5: 8c9ee2556eb31f2b7608c54b335f5e39
SHA1: 82f3f250019e361bf90f7b2d649ecd55634460e1
SHA256: 16449ddb6b1d88368da42175a126041d24b90d1498760e8e12dd340ed30f5666
SHA512: 2279b0fe536f287f895385628c58d3668417b3d51a62f32fc50187e92377b7cfae79587195175c79bab87538c522fbf2819683b76995d71e2f7b06e75de9d67a
SSDEEP: 3072:JMTdQO2oWRrMu4Ubc6mFG/SyTOSd0+uZRpQNnJSKa4PO8T:J41SVwDcdTddbMLQNnza+T
Static task: static1
Behavioral task: behavioral1
Sample: 8c9ee2556eb31f2b7608c54b335f5e39_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 8c9ee2556eb31f2b7608c54b335f5e39_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 8c9ee2556eb31f2b7608c54b335f5e39_JaffaCakes118
- Modifies Windows Firewall
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)