General
-
Target
e5d02b5d81925682534c05ab4e1eba09_JaffaCakes118
-
Size
141KB
-
Sample
240407-zggqdaed23
-
MD5
e5d02b5d81925682534c05ab4e1eba09
-
SHA1
d8bf5d34c1b8405bfabf3b17a3028413cf17ff01
-
SHA256
11c6fc3f67b71a0ac0ae783654829af25cc68c9bb3396190f35f38eeb77cd3ae
-
SHA512
8a895c014b47a664f28a3a932144d968959c3ca2b1291f983c89bc52a81e06165865b4d1d3726dc42416ab842dd1735d7dc0e16800602694ea7ec7c570be2504
-
SSDEEP
3072:goZ1txeLgP3+Jzw7TrWqZGYbEMH1LSm7kp4qJ/JP+jnVyL:5HxeLgMzoWqIYo4Sld/U7VK
Static task
static1
Behavioral task
behavioral1
Sample
e5d02b5d81925682534c05ab4e1eba09_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e5d02b5d81925682534c05ab4e1eba09_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
e5d02b5d81925682534c05ab4e1eba09_JaffaCakes118
-
Score
8/10
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1