General
-
Target
03cb04007c23adb437097ea1a0c11fa1_JaffaCakes118
-
Size
275KB
-
Sample
241001-a2wbtswgpa
-
MD5
03cb04007c23adb437097ea1a0c11fa1
-
SHA1
f46308c5b83055b2c633c88a77d3c0858432c6fc
-
SHA256
fa207fee8ebbd9dbaa3aec005e58fb47692c0ac19cd2f8513bda55359135ab25
-
SHA512
c58119bbc170ea1868c47b81d1d812804add5d0decae1e8a3ef046a88b6da39163c9e3c584928b5939fc0b15a499a710b2a3141dd6b1d72801449bad93739637
-
SSDEEP
6144:ttA++cFXHTJDx/AvMRd65ZoD2lN9t6Al:ttcgXHTJDisk5CDunTl
Malware Config
Targets
-
-
Target
03cb04007c23adb437097ea1a0c11fa1_JaffaCakes118
-
Size
275KB
-
MD5
03cb04007c23adb437097ea1a0c11fa1
-
SHA1
f46308c5b83055b2c633c88a77d3c0858432c6fc
-
SHA256
fa207fee8ebbd9dbaa3aec005e58fb47692c0ac19cd2f8513bda55359135ab25
-
SHA512
c58119bbc170ea1868c47b81d1d812804add5d0decae1e8a3ef046a88b6da39163c9e3c584928b5939fc0b15a499a710b2a3141dd6b1d72801449bad93739637
-
SSDEEP
6144:ttA++cFXHTJDx/AvMRd65ZoD2lN9t6Al:ttcgXHTJDisk5CDunTl
Score10/10-
Modifies security service
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1