General
Target: 1189f2a7622bc77eae0da90456757650_JaffaCakes118
Size: 207KB
Sample: 241004-ddxrja1ank
MD5: 1189f2a7622bc77eae0da90456757650
SHA1: 36a4a4e0e2c06867031d56d6c205d55d5cfe9ce3
SHA256: 5d75a3f480b6bf237048377112622bdddea909bee4c145530e481490c46e450b
SHA512: 996c475d0aa0366ed8239fc361bb880a0116148942e3abd6795a12e4a3dd463c72f8a27713a47e4bc34823c61971d5b2b9554ea74b77503f9dbacbcdeb156a08
SSDEEP: 3072:pt+21Dy2YDbSw/tdf2/Wx7PXGs1zwOEsVz1UsKUlf4ISW0CynREYAVZW0sS2jbx:z+sW5dDx7WsosAsP14jWMRsP/sSbGq
Static task: static1

Behavioral task: behavioral1
  Sample: 1189f2a7622bc77eae0da90456757650_JaffaCakes118.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 1189f2a7622bc77eae0da90456757650_JaffaCakes118.exe
  Resource: win10v2004-20240910-en
Malware Config

Targets
Target: 1189f2a7622bc77eae0da90456757650_JaffaCakes118
Score: 10/10

- Modifies security service
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)