General

Target:  05a8293037703774564283b207a09a48_JaffaCakes118
Size:    39.4MB
Sample:  240428-vhxqrscf2v
MD5:     05a8293037703774564283b207a09a48
SHA1:    ff7023739be05467f295f9b802c359e18967ec25
SHA256:  ca39c537d1f5a48f549fbb72406aad9b547a57ff56283f69e5cd031d512c47f3
SHA512:  276bc020aa9bf1ada16927d36fe8eefdef35437c09ac967e0d632895e66a4256b7e81bd69cf698e1dade7b3ded88769089b406947cbb90857fa48e14bf3b1e82
SSDEEP:  786432:wkxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHXa:wsdqqez9H7wWPRt3f3bXo1wNBa
Static task
  static1

Behavioral task
  behavioral1
  Sample:   05a8293037703774564283b207a09a48_JaffaCakes118.exe
  Resource: win7-20240220-en

Behavioral task
  behavioral2
  Sample:   05a8293037703774564283b207a09a48_JaffaCakes118.exe
  Resource: win10v2004-20240419-en
Malware Config

Targets
  Target: 05a8293037703774564283b207a09a48_JaffaCakes118
  Size:   39.4MB
  (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10

Signatures
- Modifies firewall policy service
- Adds Run key to start application
- Downloads MZ/PE file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
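As an added example, not part of this report or of the sandbox's own tooling, the PowerShell script below checks a suspect Windows host for the artefacts these signatures describe: Run/RunOnce autostart values, firewall policy under the SharedAccess service, recently issued root-store certificates, services outside %SystemRoot%, the Geo\Nation country code, and on-disk copies matching the report's MD5. The registry and certificate-store paths are the standard Windows locations for each artefact; that they are exactly what the sandbox's signatures keyed on is an assumption, as are the 30-day certificate window and the `$LookbackDays` / `$SampleMd5` parameter names.

```powershell
# Added triage example; not part of the sandbox report. Checks a Windows host
# for the artefacts the report's signatures describe. Registry paths are the
# standard locations for each artefact (assumed to match what the sandbox
# keyed on; verify against your own sandbox's signature source). Run elevated
# so the HKLM and LocalMachine checks are not silently skipped.
param(
    [int]$LookbackDays = 30,                               # "recent" window for root certs (assumed)
    [string]$SampleMd5 = '05a8293037703774564283b207a09a48' # MD5 from the report
)

$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Category, [string]$Location, [string]$Value) {
    $findings.Add([pscustomobject]@{ Category = $Category; Location = $Location; Value = $Value })
}

# 1. Run / RunOnce autostart values (T1547.001). Each entry is reported with the
#    Authenticode status of its image so unsigned or missing binaries stand out.
#    Bare image names that resolve via PATH show as ImageMissing; resolve with Get-Command.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }               # provider metadata, not a value
        $cmd = [string]$p.Value
        # Quoted image path first; otherwise the first whitespace-delimited token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $status = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'ImageMissing' }
        Add-Finding 'RunKey' "$key\$($p.Name)" "$cmd [$status]"
    }
}

# 2. Firewall policy under the SharedAccess service (T1562.004): a profile with
#    EnableFirewall=0, or allow rules naming an application outside %SystemRoot%.
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $pp = Get-ItemProperty -Path "$fwRoot\$profile" -ErrorAction SilentlyContinue
    if ($pp -and $pp.EnableFirewall -eq 0) { Add-Finding 'FirewallOff' "$fwRoot\$profile" 'EnableFirewall=0' }
}
$rules = Get-ItemProperty -Path "$fwRoot\FirewallRules" -ErrorAction SilentlyContinue
if ($rules) {
    foreach ($r in $rules.PSObject.Properties) {
        $v = [string]$r.Value
        if ($r.Name -like 'PS*' -or $v -notmatch 'Action=Allow' -or $v -notmatch 'App=([^|]+)') { continue }
        $app = [Environment]::ExpandEnvironmentVariables($Matches[1])
        if ($app -notlike "$env:SystemRoot*") { Add-Finding 'FirewallAllow' $r.Name $app }
    }
}

# 3. Root-store certificates (T1553.004). The store records no install time, so a
#    recent NotBefore is used as a heuristic; confirm by diffing thumbprints
#    against a clean image of the same build.
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.NotBefore -gt (Get-Date).AddDays(-$LookbackDays) } |
        ForEach-Object { Add-Finding 'RootCert' $store "$($_.Subject) $($_.Thumbprint)" }
}

# 4. Services whose binary lives outside %SystemRoot% (T1543.003). Legitimate
#    third-party software lands here too; treat the list as leads, not verdicts.
Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -and ([Environment]::ExpandEnvironmentVariables($_.PathName) -notlike "*$env:SystemRoot*") } |
    ForEach-Object { Add-Finding 'Service' $_.Name "$($_.PathName) [$($_.StartMode)]" }

# 5. Country code the sample would read for a geofence decision. Record it in the
#    case file: it may decide whether the sample ran on this host at all.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo) { Add-Finding 'GeoNation' 'HKCU:\Control Panel\International\Geo\Nation' $geo.Nation }

# 6. Copies of the sample under the user profile. Get-FileHash needs PowerShell 4+,
#    so this step is skipped on a default Windows 7 install.
if (Get-Command Get-FileHash -ErrorAction SilentlyContinue) {
    Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Include *.exe -ErrorAction SilentlyContinue |
        Where-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash -eq $SampleMd5 } |
        ForEach-Object { Add-Finding 'SampleOnDisk' $_.FullName $SampleMd5 }
}

$findings | Sort-Object Category, Location | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt; without elevation the HKLM, LocalMachine store and service checks return nothing rather than erroring. The Service and RootCert categories are deliberately noisy and are meant to be diffed against a known-good host of the same build rather than read on their own.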
-
MITRE ATT&CK Enterprise v15 (technique: count)

Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 2
    Browser Extensions: 1
  Create or Modify System Process: 2
    Windows Service: 2

Privilege Escalation
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 2
    Windows Service: 2

Defense Evasion
  Impair Defenses: 1
    Disable or Modify System Firewall: 1
  Modify Registry: 5
  Subvert Trust Controls: 1
    Install Root Certificate: 1