General
-
Target
edc1812d0f584be4048a3a32da9c5fb9_JaffaCakes118
-
Size
564KB
-
Sample
240920-rfy92azgpc
-
MD5
edc1812d0f584be4048a3a32da9c5fb9
-
SHA1
c71fc3e0ddfec85e7b09e87c85b28e44a0fc15f3
-
SHA256
04d077f7045628852ebaf451e56c428b89e63a144c4fd9f87cc5cbe340748587
-
SHA512
20df108c6014a7ecd6414a4408f51f828d2b2cedd9b968f649d37046b43be6b14381b83e7a3e2110a44b8ac9d2e2be78552971e4b3d73ff9aa9ca6aa7f828980
-
SSDEEP
12288:ikE0bH5xnrGpk9mfY0zK09iN5J9rrKq+AT7Jb2wc4isGQKmFjJQTjQFeWUaiBF/e:Zr2QJVFwVmFjJtRcm
Static task
static1
Behavioral task
behavioral1
Sample
edc1812d0f584be4048a3a32da9c5fb9_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
edc1812d0f584be4048a3a32da9c5fb9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
edc1812d0f584be4048a3a32da9c5fb9_JaffaCakes118
-
Score
10/10
-
Modifies firewall policy service
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Active Setup (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Active Setup (1)
Create or Modify System Process (1)
Windows Service (1)