General
Target: f007b11b6014d888d33b581c438bc296_JaffaCakes118
Size: 757KB
Sample: 240415-cc17wsbe82
MD5: f007b11b6014d888d33b581c438bc296
SHA1: 18fe4c3997b5730b3c0a375314be046903325817
SHA256: 570985f06c6a51a2df7ff6706931807de298709e0083a56b38caf572635efec0
SHA512: 58bc0f72616b8f918ffce1b50a858b50596784e8062860cceb4b9ac92103147f719729460b86c009ce6e404a073beb438d0880e97f23ce61fa66d66e609645b5
SSDEEP: 12288:w9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKEqMd0QZh9u:2AQ6Zx9cxTmOrucTIEFSpOGVD0QZh9u
Behavioral task: behavioral1
Sample: f007b11b6014d888d33b581c438bc296_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: f007b11b6014d888d33b581c438bc296_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config

Targets
Target: f007b11b6014d888d33b581c438bc296_JaffaCakes118
Score: 10/10
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables Task Manager via registry modification
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
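The registry-based signatures in this report (Winlogon tampering, Run key, service modification, Task Manager lockout) are the ones a responder can confirm or hunt for on a live host from registry "value set" telemetry. The following is an added example, not code from the sandbox or from this report: it classifies Sysmon Event ID 13-style records (Image, TargetObject, Details) against the signature names printed above and returns the ATT&CK technique each hit maps to. The sample events are constructed; which registry location each signature name checks is this example's own assumption, and the T1112 mapping for the Task Manager rule is likewise an assumption, since the report lists only Persistence techniques. The "Checks BIOS information" signature is a registry read rather than a write and is not covered by value-set events, so it is left out.

```python
"""Classify registry 'value set' events against the sandbox report's signatures.

Added example; the events are constructed to resemble Sysmon Event ID 13 fields.
The registry paths behind each signature name are this example's assumption.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Event = Dict[str, str]

SERVICE_DISABLED = 4  # Services\<name>\Start value that stops a service from ever starting

# Default data for the Winlogon values that malware commonly hijacks.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def dword(details: str) -> Optional[int]:
    """Parse Sysmon's 'DWORD (0x00000004)' rendering, or a bare decimal string."""
    s = details.strip()
    m = re.fullmatch(r"DWORD \(0x([0-9A-Fa-f]{8})\)", s)
    if m:
        return int(m.group(1), 16)
    return int(s) if s.isdigit() else None


def winlogon_tampered(target: str, details: str) -> bool:
    """True when Shell or Userinit no longer holds its stock value."""
    name = target.rsplit("\\", 1)[-1].lower()
    return details.strip().lower() != WINLOGON_DEFAULTS.get(name)


def service_disabled(target: str, details: str) -> bool:
    return dword(details) == SERVICE_DISABLED


def firewall_tampered(target: str, details: str) -> bool:
    # Any write under Parameters\FirewallPolicy counts; for \Start only a disable does.
    if target.lower().endswith("\\start"):
        return service_disabled(target, details)
    return True


def flag_set(target: str, details: str) -> bool:
    return dword(details) == 1


def always(target: str, details: str) -> bool:
    return True


@dataclass(frozen=True)
class Rule:
    signature: str   # name as printed in the report
    technique: str   # ATT&CK Enterprise technique ID
    target_re: str   # matched case-insensitively against TargetObject
    tampered: Callable[[str, str], bool]


RULES: List[Rule] = [
    Rule("Modifies WinLogon for persistence", "T1547.004",
         r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$",
         winlogon_tampered),
    Rule("Adds Run key to start application", "T1547.001",
         r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", always),
    Rule("Modifies firewall policy service", "T1543.003",
         r"\\Services\\(SharedAccess|MpsSvc)\\(Start|Parameters\\FirewallPolicy\\.+)$",
         firewall_tampered),
    Rule("Modifies security service", "T1543.003",
         r"\\Services\\(wscsvc|WinDefend)\\Start$", service_disabled),
    # Assumption: T1112 (Modify Registry); the report lists no technique for this signature.
    Rule("Disables Task Manager via registry modification", "T1112",
         r"\\Policies\\System\\DisableTaskMgr$", flag_set),
]


def classify(event: Event) -> List[Tuple[str, str]]:
    """Return (signature, technique) for every rule the event trips."""
    target, details = event["TargetObject"], event.get("Details", "")
    return [(r.signature, r.technique) for r in RULES
            if re.search(r.target_re, target, re.IGNORECASE) and r.tampered(target, details)]


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Map each tripped signature to the writing images, deduplicated in event order."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        for sig, _ in classify(ev):
            images = hits.setdefault(sig, [])
            if ev["Image"] not in images:
                images.append(ev["Image"])
    return hits


def techniques(events: List[Event]) -> List[str]:
    """Sorted, deduplicated ATT&CK IDs observed across all events."""
    return sorted({tech for ev in events for _, tech in classify(ev)})


# Constructed sample events; sample.exe stands in for the analysed binary.
SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS: List[Event] = [
    {"Image": r"C:\sample.exe", "Details": r"explorer.exe,C:\Users\Public\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"},
    {"Image": r"C:\Windows\explorer.exe", "Details": r"C:\Windows\system32\userinit.exe,",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"},
    {"Image": r"C:\sample.exe", "Details": r"C:\Users\Public\svchost.exe",
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"Image": r"C:\sample.exe", "Details": "DWORD (0x00000001)",
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"},
    {"Image": r"C:\sample.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall"},
    {"Image": r"C:\sample.exe", "Details": "DWORD (0x00000004)",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Start"},
    {"Image": r"C:\Windows\system32\services.exe", "Details": "DWORD (0x00000002)",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start"},
    {"Image": r"C:\Windows\system32\services.exe", "Details": "DWORD (0x00000002)",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start"},
]

if __name__ == "__main__":
    for sig, images in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {', '.join(images)}")
    print("ATT&CK:", ", ".join(techniques(SAMPLE_EVENTS)))
```

The two benign events (a stock Userinit value and a service set to SERVICE_AUTO_START, 2) trip nothing, which is the check that matters when this runs over a real host's Sysmon log: the rules key on the written data, not merely on the path being touched.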