General
-
Target
432a7de3f6c1ff085453704ec6542d65_JaffaCakes118
-
Size
559KB
-
Sample
240514-1dk43ahd91
-
MD5
432a7de3f6c1ff085453704ec6542d65
-
SHA1
a43af24662b80b480e8f83a881d756306b06d7d3
-
SHA256
ecc641b4122b657baadc82008921f65cde2e368ca75e889cc100170c32ecfd74
-
SHA512
e36a6e64e5b4d21b9912f0c28d609f3b3808c55fd439e78de00f2f67eacbd0a123f19c1d14103199ca4661c69ad7f5d338e1c1b869c559879549f31e311e6128
-
SSDEEP
12288:ONWz1AUZbht1FGdX3j4tXZmNc64iJJpCeCslYrwBtTZE/k6r7z/hoAN/4:OQzO8bhO8BZmNvZLlYryta7z/OA4
Behavioral task
behavioral1
Sample
432a7de3f6c1ff085453704ec6542d65_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
432a7de3f6c1ff085453704ec6542d65_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
432a7de3f6c1ff085453704ec6542d65_JaffaCakes118
-
Size
559KB
-
MD5
432a7de3f6c1ff085453704ec6542d65
-
SHA1
a43af24662b80b480e8f83a881d756306b06d7d3
-
SHA256
ecc641b4122b657baadc82008921f65cde2e368ca75e889cc100170c32ecfd74
-
SHA512
e36a6e64e5b4d21b9912f0c28d609f3b3808c55fd439e78de00f2f67eacbd0a123f19c1d14103199ca4661c69ad7f5d338e1c1b869c559879549f31e311e6128
-
SSDEEP
12288:ONWz1AUZbht1FGdX3j4tXZmNc64iJJpCeCslYrwBtTZE/k6r7z/hoAN/4:OQzO8bhO8BZmNvZLlYryta7z/OA4
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2