General
-
Target
65be5073c6f4834d3d1c73594d97b75d_JaffaCakes118
-
Size
1.4MB
-
Sample
240522-c9ltgahh39
-
MD5
65be5073c6f4834d3d1c73594d97b75d
-
SHA1
06c6bc46067313ccaf0d0dad517f5f216f46b4be
-
SHA256
ab3e4f1244221a33e4995c6bad5e84a5533c633e7efa51c61fd958803ac5ec14
-
SHA512
a1f333d5001246ce6443d2203b31af97bc946326453680dd5d5c4f8c9c60ca473f844a1ee565b56ccc618434c794d449aa4f618604ee9a1b227e6203be8310c9
-
SSDEEP
24576:651RzX5yRZj474urTiFDhRj5m6tYFyIG4SN6u0QHsBQ4oxKy1fumXF:DZj474GOdcG76u0QMBQ4ox5umX
Static task
static1
Behavioral task
behavioral1
Sample
65be5073c6f4834d3d1c73594d97b75d_JaffaCakes118.dll
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
65be5073c6f4834d3d1c73594d97b75d_JaffaCakes118
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Deletes itself
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-