General
-
Target
f12a5219d117c6a4496d9a9eb4e7c8a7_JaffaCakes118
-
Size
10.8MB
-
Sample
240415-qrjhaafe42
-
MD5
f12a5219d117c6a4496d9a9eb4e7c8a7
-
SHA1
d7ef6c03019a87da7fbf8b29cbc31d70ac04d9be
-
SHA256
d9f501425c28467ad243a0abb9e40e2763ef9cdc7a8837781bea5ef8f0872e20
-
SHA512
008c29acaf9a91aea6f4ac982901988c01a3334a5da56d2d2f60d200bdc315f2c888dbf86dd8e8134d3c886a948b7be842f5df93584d9b8a71491c88e45448af
-
SSDEEP
24576:UjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB1:Unh
Static task
static1
Behavioral task
behavioral1
Sample
f12a5219d117c6a4496d9a9eb4e7c8a7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f12a5219d117c6a4496d9a9eb4e7c8a7_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
Target
f12a5219d117c6a4496d9a9eb4e7c8a7_JaffaCakes118
Score
10/10
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (2)
Windows Service (2)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (2)
Windows Service (2)