General
-
Target
6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118
-
Size
2.3MB
-
Sample
240523-aveeqseg8y
-
MD5
6926861abc5e60e35309e6bd1f40ddd2
-
SHA1
68d78e10ce0d92f943725f4a20cde30336551765
-
SHA256
036b971c031f1a90ddbf4e298d3f6491259bd1594fb9d9cc7f0025a8c68bc112
-
SHA512
a3cf7bdcefaa2e2b4da50b3ebd5f35db2c6704d5f6a3d7bcb912cf90b014c42534ec0b97fb766c1b5ceb73d0228e0dbb51cac92e0ad28f60cb8ae0d5dce93db9
-
SSDEEP
49152:0uuE7AnqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFWd:eE7AqrlyutLxC3sEwwMd
Static task
static1
Behavioral task
behavioral1
Sample
6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
6926861abc5e60e35309e6bd1f40ddd2_JaffaCakes118
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-