General
-
Target
a5b857a4972fc76f74e7919bcc123fda_JaffaCakes118
-
Size
676KB
-
Sample
240818-g62sqszgld
-
MD5
a5b857a4972fc76f74e7919bcc123fda
-
SHA1
b00fcf80fc287db906783d092a66d4210970f9e3
-
SHA256
b136fb788d01d3a21e6177bba932eb213d8491668f3a911b8c9e496edc26db1b
-
SHA512
d8629b482630aa1a4198772aef52f5fae5a2ab27b2223f625c3926400dc519d7ac1058c0135b8be8aee5f299c70c6d49a70f30791eb768e8eb843111a763ebfd
-
SSDEEP
12288:yxUKmu14ikXOuO6ShS3Q8WYKvQMoT32/oOzZKbWoo0f+dAlYHwuiLaFt3ar:yfmu14U6ShgQ8FHTGA6ZBdAlgwuiLan
Malware Config
Targets
-
-
Target
a5b857a4972fc76f74e7919bcc123fda_JaffaCakes118
-
Size
676KB
-
MD5
a5b857a4972fc76f74e7919bcc123fda
-
SHA1
b00fcf80fc287db906783d092a66d4210970f9e3
-
SHA256
b136fb788d01d3a21e6177bba932eb213d8491668f3a911b8c9e496edc26db1b
-
SHA512
d8629b482630aa1a4198772aef52f5fae5a2ab27b2223f625c3926400dc519d7ac1058c0135b8be8aee5f299c70c6d49a70f30791eb768e8eb843111a763ebfd
-
SSDEEP
12288:yxUKmu14ikXOuO6ShS3Q8WYKvQMoT32/oOzZKbWoo0f+dAlYHwuiLaFt3ar:yfmu14U6ShgQ8FHTGA6ZBdAlgwuiLan
Score10/10-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1