General
-
Target
f245becda4e918e10f650671bfbe60a5_JaffaCakes118
-
Size
6.2MB
-
Sample
240416-atcvhscd98
-
MD5
f245becda4e918e10f650671bfbe60a5
-
SHA1
9bb1c7cf3c0f9b767b2f21ebc907b158622d9b71
-
SHA256
151778a15b41a29e7254c63a24e70cbe3cb76b15fd621afe435b197b20ff91b4
-
SHA512
c72033f994cc77c265da433c6467d9fcfc33fae63415b6ac02391e14cb256b0e3185b1470e7f86a8dea2eba822f6657430103a5b786703254e5c361b546407a5
-
SSDEEP
196608:N7effIPEsy58doQaTzwZ8Jq3QKnqVtxQnKnqVtxQu9OryfEQ2wryfEQuQILhf8s+:N7effIPEsy58doQaTzwZ8Jq3QKnqVtxj
Static task
static1
Behavioral task
behavioral1
Sample
f245becda4e918e10f650671bfbe60a5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f245becda4e918e10f650671bfbe60a5_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
f245becda4e918e10f650671bfbe60a5_JaffaCakes118
-
Size
6.2MB
-
MD5
f245becda4e918e10f650671bfbe60a5
-
SHA1
9bb1c7cf3c0f9b767b2f21ebc907b158622d9b71
-
SHA256
151778a15b41a29e7254c63a24e70cbe3cb76b15fd621afe435b197b20ff91b4
-
SHA512
c72033f994cc77c265da433c6467d9fcfc33fae63415b6ac02391e14cb256b0e3185b1470e7f86a8dea2eba822f6657430103a5b786703254e5c361b546407a5
-
SSDEEP
196608:N7effIPEsy58doQaTzwZ8Jq3QKnqVtxQnKnqVtxQu9OryfEQ2wryfEQuQILhf8s+:N7effIPEsy58doQaTzwZ8Jq3QKnqVtxj
Score10/10-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2