General
Target: 007f485b70277dc3d8a978edfd561241_JaffaCakes118
Size: 5.5MB
Sample: 240426-lqf9badg43
MD5: 007f485b70277dc3d8a978edfd561241
SHA1: 462d813115a1435ab9235ad4f02d1df2660ab847
SHA256: 330721800674398e1a450deb059418e7dd7758eec2aeccfa1fe054eeb0850e4a
SHA512: 3b8139a4375561d8979e2aa25b4fc21eedea74f909e0909c38647d4ca84d15e8ee435377f1714f910914107306da9c9adc0e6316d287ed3808796ab3dec59e28
SSDEEP: 98304:OoskEEoskE0oskEeoskEkoskEWoskE4oskE0oskEYoskEC:X
Static task: static1
Behavioral task: behavioral1
Sample: 007f485b70277dc3d8a978edfd561241_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 007f485b70277dc3d8a978edfd561241_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 007f485b70277dc3d8a978edfd561241_JaffaCakes118
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Disables use of System Restore points
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
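The signatures above name behaviours, not the values the sample wrote, so a responder checking a host still has to look in the usual places. The script below is an added triage example, not part of the sandbox report and not derived from the sample; every registry path and directory in it is the standard Windows location for the behaviour named by the corresponding signature, the helper names (Add-Alert, Add-Info, Get-RegValue) and the seven-day file window are this script's own choices, and the Explorer view values it records are also the defaults of a fresh profile and therefore only meaningful against the user's known baseline.

```powershell
# Added triage script (not part of the sandbox report). It walks the registry
# and file-system locations that the signatures above imply. The report does
# not say which values the sample wrote, so every path here is the standard
# Windows location for that behaviour, not a finding from the report, and the
# helper names (Add-Alert, Add-Info, Get-RegValue) and the 7-day window are
# this script's own choices. Run in an elevated PowerShell on the suspect host.

$alerts = New-Object System.Collections.Generic.List[string]
$info   = New-Object System.Collections.Generic.List[string]
function Add-Alert([string]$Text) { $script:alerts.Add($Text) }
function Add-Info([string]$Text)  { $script:info.Add($Text) }
function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# 1. Winlogon helpers (T1547.004). Clean defaults: Shell = "explorer.exe",
#    Userinit = "C:\Windows\system32\userinit.exe," (trailing comma is normal).
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell    = Get-RegValue $wl 'Shell'
$userinit = Get-RegValue $wl 'Userinit'
if ($shell -and $shell -ne 'explorer.exe') { Add-Alert "Winlogon Shell = '$shell'" }
if ($userinit -and $userinit.TrimEnd(',') -ne "$env:SystemRoot\system32\userinit.exe") {
    Add-Alert "Winlogon Userinit = '$userinit'"
}
# A per-user Shell override is almost never legitimate.
$cuShell = Get-RegValue 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($cuShell) { Add-Alert "Per-user Winlogon Shell = '$cuShell'" }

# 2. Run / RunOnce keys (T1547.001): listed for review, since legitimate
#    software lives here too.
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($k in 'Run', 'RunOnce') {
        $p = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$k"
        if (-not (Test-Path -LiteralPath $p)) { continue }
        (Get-ItemProperty -LiteralPath $p).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { Add-Info "$p\$($_.Name) = $($_.Value)" }
    }
}

# 3. Lockouts (T1562.001) and Explorer view settings (T1564.001). The three
#    Explorer values are also the defaults of a fresh profile, so they only
#    mean something against the user's known baseline; recorded as info.
foreach ($hive in 'HKLM', 'HKCU') {
    $pol = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
    if ((Get-RegValue $pol 'DisableRegistryTools') -ge 1) { Add-Alert "regedit disabled via $pol" }
}
$sr = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
foreach ($v in 'DisableSR', 'DisableConfig') {
    if ((Get-RegValue $sr $v) -eq 1) { Add-Alert "System Restore policy $v = 1" }
}
$adv = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
foreach ($v in 'HideFileExt', 'Hidden', 'ShowSuperHidden') {
    Add-Info ("Explorer\Advanced\{0} = {1}" -f $v, (Get-RegValue $adv $v))
}

# 4. Image File Execution Options: a Debugger value makes Windows start that
#    program instead of the named executable. Verify each hit by hand.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = Get-RegValue $_.PSPath 'Debugger'
    if ($dbg) { Add-Alert "IFEO $($_.PSChildName) Debugger = '$dbg'" }
}

# 5. autorun.inf at each volume root, plus whether AutoRun is disabled by
#    policy (NoDriveTypeAutoRun = 0xFF covers every drive type). Only the
#    open= / shellexecute= line is extracted; shell\...\command= lines are
#    left for manual review.
foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $d.Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf)) { continue }
    $body = Get-Content -LiteralPath $inf -Raw -ErrorAction SilentlyContinue
    $target = ''
    if ($body) {
        $target = [regex]::Match($body, '(?im)^\s*(open|shellexecute)\s*=\s*(.+)$').Groups[2].Value.Trim()
    }
    Add-Alert "autorun.inf on $($d.Root) (open/shellexecute = '$target')"
}
$ndta = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
if ($null -eq $ndta) { $ndta = 'not set' }
if ($ndta -ne 255) { Add-Info "NoDriveTypeAutoRun = $ndta (0xFF disables AutoRun for all drive types)" }

# 6. Recent executables in drivers\ and System32, and the current wallpaper.
#    Windows Update also writes here; correlate with the incident timeline.
$since = (Get-Date).AddDays(-7)
foreach ($dir in "$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32") {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since -and $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object { Add-Info "$($_.FullName) written $($_.LastWriteTime)" }
}
Add-Info ("Desktop wallpaper = '{0}'" -f (Get-RegValue 'HKCU:\Control Panel\Desktop' 'Wallpaper'))

'== Alerts ==';     $alerts | ForEach-Object { "  $_" }
'== For review =='; $info   | ForEach-Object { "  $_" }
```

Alerts are the values that have no legitimate reason to be set on a workstation; the "for review" list is context the analyst compares against the host's baseline and the detonation timeline. To audit a disk image instead of a live host, load the SOFTWARE and NTUSER.DAT hives with reg load under temporary names and point the HKLM/HKCU paths at them.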
MITRE ATT&CK Matrix (ATT&CK v13)
Each number is the count of report signatures mapped to that technique.
Persistence
- Boot or Logon Autostart Execution (T1547): 3
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 3
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 1
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
Defense Evasion
- Modify Registry (T1112): 9
- Hide Artifacts (T1564): 2
  - Hidden Files and Directories (T1564.001): 2
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 1
  - Disable or Modify Tools (T1562.001): 1