General
-
Target
67717f76f76dbbe239236765e19d85b8_JaffaCakes118
-
Size
39.4MB
-
Sample
240522-qw89hadd5z
-
MD5
67717f76f76dbbe239236765e19d85b8
-
SHA1
e9222fa3cb1ffce14fe092c8fc25556de92d683b
-
SHA256
4a4eb18a9ded4da7fb2b586c5faf1ca074db2416cfaa1d03fa8d6b0524e5e50b
-
SHA512
16c92d0cb7f45810116adec55799d70fcc84be7c0ab8d6262d3c1dfba9da30a1d32ebf96dfb35796af4760cb1eab1a4300ac1f06de50e7a6479f05b4fc30e6a3
-
SSDEEP
786432:ykxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVH0:ysdqqez9H7wWPRt3f3bXo1wN2
Static task
static1
Behavioral task
behavioral1
Sample
67717f76f76dbbe239236765e19d85b8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
67717f76f76dbbe239236765e19d85b8_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
67717f76f76dbbe239236765e19d85b8_JaffaCakes118
-
Size
39.4MB
-
MD5
67717f76f76dbbe239236765e19d85b8
-
SHA1
e9222fa3cb1ffce14fe092c8fc25556de92d683b
-
SHA256
4a4eb18a9ded4da7fb2b586c5faf1ca074db2416cfaa1d03fa8d6b0524e5e50b
-
SHA512
16c92d0cb7f45810116adec55799d70fcc84be7c0ab8d6262d3c1dfba9da30a1d32ebf96dfb35796af4760cb1eab1a4300ac1f06de50e7a6479f05b4fc30e6a3
-
SSDEEP
786432:ykxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVH0:ysdqqez9H7wWPRt3f3bXo1wN2
Score10/10-
Modifies firewall policy service
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Browser Extensions
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
5Subvert Trust Controls
1Install Root Certificate
1