General
Target: ece08630e5ce13293f339c6d07d3cda9_JaffaCakes118
Size: 1.0MB
Sample: 240920-fhfpxszenr
MD5: ece08630e5ce13293f339c6d07d3cda9
SHA1: 4dd10e00ca0a361c3e73b475b3bafe7673c594f0
SHA256: 0ef9193968e62b35f38e38a84dac6f9961dfa1dc340ed1be14e02cbb4c883c80
SHA512: e23725eeca309f08db04dd4abe38c24a9744faceed4f3e5df3074af1c57318ee5ae83ad7a091a623c91d2fc18df75a7f87d36c091bff8e8e64fc9143932ebc0c
SSDEEP: 12288:5t0GfHYy7oLsmY6y3k5CPTDkoek0JKz3wTnnZQcWMzvjgJbiK8pFOTUwZNmookx1:3x7oLtYjU4R50wwbWiMqMZoAu7fvZQ
Static task: static1
Behavioral task: behavioral1
  Sample: ece08630e5ce13293f339c6d07d3cda9_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ece08630e5ce13293f339c6d07d3cda9_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ece08630e5ce13293f339c6d07d3cda9_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
Modifies Windows Firewall
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (2)
    AppInit DLLs (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (2)
    AppInit DLLs (1)
    Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (2)
    Disable or Modify System Firewall (2)
  Modify Registry (1)