General
-
Target
003b4515549d1ff09b1a928c046500eb_JaffaCakes118
-
Size
39.4MB
-
Sample
240426-hqztwabc57
-
MD5
003b4515549d1ff09b1a928c046500eb
-
SHA1
f70f078fd2bbbfb41f6f06d17f66311dea3d7260
-
SHA256
51b484fe0f362e74d1b5ece6778705145ade143f37e8fdb03b78d7aecd70a973
-
SHA512
96c2202a061d24997a26f81904dda5bb57e2fc85ee69717e507ff68e90283b241c2126f1afdf7b5fcdffa506bff34f1b9dc88bd51ba4a959ecf3034b09e5ff6e
-
SSDEEP
786432:Kkxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHu:Ksdqqez9H7wWPRt3f3bXo1wNg
Static task
static1
Behavioral task
behavioral1
Sample
003b4515549d1ff09b1a928c046500eb_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
003b4515549d1ff09b1a928c046500eb_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
003b4515549d1ff09b1a928c046500eb_JaffaCakes118
-
Score
10/10
-
Modifies firewall policy service
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Browser Extensions: 1
Privilege Escalation
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Defense Evasion
Modify Registry: 5
Impair Defenses: 1
Disable or Modify System Firewall: 1
Subvert Trust Controls: 1
Install Root Certificate: 1