General
Target: fcaa9d049f3605f85174de53a9e8b1d3_JaffaCakes118
Size: 98KB
Sample: 240420-nk1rwaga6w
MD5: fcaa9d049f3605f85174de53a9e8b1d3
SHA1: 93d2123580dd84b5665ef4af5b304d46c904cdb0
SHA256: 31ed228555eea0a67ed0794a53248ea50cc4c15b156828e0a5f5b392f23005ad
SHA512: d0c29e46736277a78c128ec1d10392efc94eabff61a11f2ca89531066f626e457874acb8c83ebf2c0ddc4b73b30d4d960369ce3fe7969310cbb3b6da566fc775
SSDEEP: 3072:ut6lBtl2ds/LXgMYeBuFGik8jwaaHw7Koj4rD83F:q6lBX2dszdRM
Static task: static1

Behavioral task: behavioral1
Sample: fcaa9d049f3605f85174de53a9e8b1d3_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: fcaa9d049f3605f85174de53a9e8b1d3_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: fcaa9d049f3605f85174de53a9e8b1d3_JaffaCakes118
Size: 98KB
MD5: fcaa9d049f3605f85174de53a9e8b1d3
SHA1: 93d2123580dd84b5665ef4af5b304d46c904cdb0
SHA256: 31ed228555eea0a67ed0794a53248ea50cc4c15b156828e0a5f5b392f23005ad
SHA512: d0c29e46736277a78c128ec1d10392efc94eabff61a11f2ca89531066f626e457874acb8c83ebf2c0ddc4b73b30d4d960369ce3fe7969310cbb3b6da566fc775
SSDEEP: 3072:ut6lBtl2ds/LXgMYeBuFGik8jwaaHw7Koj4rD83F:q6lBX2dszdRM

- Modifies WinLogon for persistence
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)