General
-
Target
ea61e8d74f76bdeacf57ce8e912d3983_JaffaCakes118
-
Size
21KB
-
Sample
240919-cd2vtavfmj
-
MD5
ea61e8d74f76bdeacf57ce8e912d3983
-
SHA1
93a742cea984eb31e7765a71cc4e75ee80af94c4
-
SHA256
1a78b6a8273f5f50e029053a4e5b0fb124f730ddb675257581ef0e531495c270
-
SHA512
03bc938545582ef7808bcebb580a432265ed463c50ed947863b4356be7c841ca68becdbd49f3f1528f3ce28a0af94353d7b608c5dae34b91a227c90eb05d2b7b
-
SSDEEP
384:9eJUzTNMpBiVMZq7BPxQU82+oPpq2uMdOYMSdKAbS0:PzTNMpuMw1ZQx2uMH
Static task
static1
Behavioral task
behavioral1
Sample
ea61e8d74f76bdeacf57ce8e912d3983_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ea61e8d74f76bdeacf57ce8e912d3983_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Score
10/10
-
Modifies firewall policy service
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Winlogon Helper DLL: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Winlogon Helper DLL: 1
Create or Modify System Process: 1
Windows Service: 1