General
-
Target
f4d7ce748f02842afc6d0fe61c4e2944_JaffaCakes118
-
Size
14.2MB
-
Sample
240417-cy3mvach3t
-
MD5
f4d7ce748f02842afc6d0fe61c4e2944
-
SHA1
b4ab92d482f695405bf7e0b300553fcd1312abc2
-
SHA256
aca4d1f950e385f84ded0ae2390f84b83a946ea27888616363082fd92ba8677c
-
SHA512
c23623fabec8a3b69224c98518db8239f07beb5a272e667f77aee01963807e0b2fb5ef9fcfe4294401c376f44d024f0eaeccbfe072fb1c4c933ed3166fefe8fd
-
SSDEEP
98304:hjhd88888888888888888888888888888888888888888888888888888888888:h
Static task
static1
Behavioral task
behavioral1
Sample
f4d7ce748f02842afc6d0fe61c4e2944_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
f4d7ce748f02842afc6d0fe61c4e2944_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
tofsee
176.111.174.19
lazystax.ru
Targets
-
-
Target
f4d7ce748f02842afc6d0fe61c4e2944_JaffaCakes118
-
Size
14.2MB
-
MD5
f4d7ce748f02842afc6d0fe61c4e2944
-
SHA1
b4ab92d482f695405bf7e0b300553fcd1312abc2
-
SHA256
aca4d1f950e385f84ded0ae2390f84b83a946ea27888616363082fd92ba8677c
-
SHA512
c23623fabec8a3b69224c98518db8239f07beb5a272e667f77aee01963807e0b2fb5ef9fcfe4294401c376f44d024f0eaeccbfe072fb1c4c933ed3166fefe8fd
-
SSDEEP
98304:hjhd88888888888888888888888888888888888888888888888888888888888:h
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1