General
-
Target
38f0bfe93b83fa03711806ff3a151705_JaffaCakes118
-
Size
19KB
-
Sample
241012-hwz2tstejp
-
MD5
38f0bfe93b83fa03711806ff3a151705
-
SHA1
64b2d35167eef1a9714e28567b736ead3875a537
-
SHA256
48460484b277b57a3d3bb194f96ba0780b26060a17942a192b0ba0121e6a0a4b
-
SHA512
4b02825523da49d12cc80b182ecb602cba4adbc21c11355e58b4275109c636a3ea5d67f4651a64eb2837efb37d6c5dd8f9406aca39406d5cfa272503f51e074b
-
SSDEEP
384:IPyZNjtU2mO4MEWPkyEpUsYHY5m5A43Kdjjp2XW4jKtozElMxVPG:YyZvEEks0kjkoElMxU
Malware Config
Targets
-
-
Target
38f0bfe93b83fa03711806ff3a151705_JaffaCakes118
-
Size
19KB
-
MD5
38f0bfe93b83fa03711806ff3a151705
-
SHA1
64b2d35167eef1a9714e28567b736ead3875a537
-
SHA256
48460484b277b57a3d3bb194f96ba0780b26060a17942a192b0ba0121e6a0a4b
-
SHA512
4b02825523da49d12cc80b182ecb602cba4adbc21c11355e58b4275109c636a3ea5d67f4651a64eb2837efb37d6c5dd8f9406aca39406d5cfa272503f51e074b
-
SSDEEP
384:IPyZNjtU2mO4MEWPkyEpUsYHY5m5A43Kdjjp2XW4jKtozElMxVPG:YyZvEEks0kjkoElMxU
Score10/10-
Modifies firewall policy service
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1AppInit DLLs
1