General
Target: ef1e686c8c9c3654f1d5597bd2af109d_JaffaCakes118
Size: 445KB
Sample: 240921-frlyasweka
MD5: ef1e686c8c9c3654f1d5597bd2af109d
SHA1: efb5ec52e19c0338f9591bb0a7469e14c2b1cb4a
SHA256: 38e85d72b61b2425d9701cfc6135c972fd442555428a9afc9fa377f601cb5e53
SHA512: 24a8d81690c0b693207ce1727e270b2a9b25b702c40bd85f922ab5c92eb956cbb17995990e7f568eff3b0bf72d4fc75e0a69bdd9a291ef952bb281c292c21ec6
SSDEEP: 6144:ZzqxDJ/AHvuGwqd74ZyJEdKki4r0WFD0VCoybX02p6AVqvnGWnE9/KiYF2Mi7AX3:dIJKwqtxJEfSCHblEHjkMlaIB
Static task: static1
Behavioral task: behavioral1
Sample: ef1e686c8c9c3654f1d5597bd2af109d_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ef1e686c8c9c3654f1d5597bd2af109d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ef1e686c8c9c3654f1d5597bd2af109d_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Create or Modify System Process (1)
Windows Service (1)