General
-
Target
aa563b29924d4a03a63a4d6194c1da6c_JaffaCakes118
-
Size
15KB
-
Sample
240819-knl64svalb
-
MD5
aa563b29924d4a03a63a4d6194c1da6c
-
SHA1
84e862bab2cc493c6829646d2e3259bc6f52e6e3
-
SHA256
a1275d40115fc187334b012b1239e2ec2e97519b2944c3f0f3b948767641790a
-
SHA512
d14b65641b70de3890d71db76f27e4203c0d76d7922123e106c0a1c42c5a52bfab33b7d9716a34e4aae369bf3f6ca33a5b2d8fae7e79e460c5b5cbff5e6acadc
-
SSDEEP
384:I6ZeAbFxWdK6aDPdQlLjSymiEdeZgkCB4Vyom5pcSilhyf++h9lU:teAWvaLKlXSpldeK9aiLyy2+S
Static task
static1
Behavioral task
behavioral1
Sample
aa563b29924d4a03a63a4d6194c1da6c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
aa563b29924d4a03a63a4d6194c1da6c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
aa563b29924d4a03a63a4d6194c1da6c_JaffaCakes118
-
Score
10/10
-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
AppInit DLLs (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
AppInit DLLs (1)