General
Target: 69669d80ee67ca88c2c636c5f4e567ac_JaffaCakes118
Size: 2.9MB
Sample: 240523-ckxjnsab74
MD5: 69669d80ee67ca88c2c636c5f4e567ac
SHA1: 7854501a76d59ad31844330782db017b2d8ea8a5
SHA256: dd3edd0a584fff1f7eadd86f868eeda95f05138caf70c5ba8d807af2f8390887
SHA512: 024a27a001c18276c7e6863119d3fbe72eb7157be9142bca5e1b058e52abf61648251896460a1c43ac02a8bf790201a1ed770ae37b2d20e4e2f01f7d9319bf4c
SSDEEP: 49152:17HeAMVNwP8ne1BSGMrrBB1ZTH8QNPf199bs5FCIrMAZJln19Ot6kza3zwj:17HeVLugBB1ZTH8iHZ2CIrMWJb9Lw
Static task: static1
Behavioral task: behavioral1
  Sample: 69669d80ee67ca88c2c636c5f4e567ac_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 69669d80ee67ca88c2c636c5f4e567ac_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240419-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20240508-en
Behavioral task: behavioral5
  Sample: $TEMP/TWUCSTRVZCTWUCSTRVZCTWUCSTRVZC.ps1
  Resource: win7-20240221-en
Behavioral task: behavioral6
  Sample: $TEMP/TWUCSTRVZCTWUCSTRVZCTWUCSTRVZC.ps1
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 69669d80ee67ca88c2c636c5f4e567ac_JaffaCakes118
Size: 2.9MB
MD5: 69669d80ee67ca88c2c636c5f4e567ac
SHA1: 7854501a76d59ad31844330782db017b2d8ea8a5
SHA256: dd3edd0a584fff1f7eadd86f868eeda95f05138caf70c5ba8d807af2f8390887
SHA512: 024a27a001c18276c7e6863119d3fbe72eb7157be9142bca5e1b058e52abf61648251896460a1c43ac02a8bf790201a1ed770ae37b2d20e4e2f01f7d9319bf4c
SSDEEP: 49152:17HeAMVNwP8ne1BSGMrrBB1ZTH8QNPf199bs5FCIrMAZJln19Ot6kza3zwj:17HeVLugBB1ZTH8iHZ2CIrMWJb9Lw
Score: 9/10
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: fbe295e5a1acfbd0a6271898f885fe6a
SHA1: d6d205922e61635472efb13c2bb92c9ac6cb96da
SHA256: a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
SHA512: 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
SSDEEP: 192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score: 3/10
Target: $TEMP/TWUCSTRVZCTWUCSTRVZCTWUCSTRVZC.ps1
Size: 3.5MB
MD5: 67e1452131ae07c4b67762d3c302f52b
SHA1: d6329ac864341d9dd86ff9032df8912ec8c44c8b
SHA256: 6416923da618a13311012632be2aa383a711c84ee182670e663e4bd8c6464950
SHA512: 013ee8398189be291970c431be6cab9597e9c3650be44c8842bafeb90e2ac84dc720daf82f24bf67bab4564272fcb34db76b352923697095f9e4b9ed2a553280
SSDEEP: 49152:RIUxx1Km3fApVfWdmS+KyU053ZBqoBcTq:Y
Score: 9/10
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
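The signatures listed for the executable and for the dropped .ps1 name behaviours that can be hunted for in endpoint telemetry. The script below is an added example written for this page, not the sandbox's own rule set (which the page does not publish): it maps Sysmon-style process-create, registry-set, file-create and image-load records to the signature names used in this report. The event field names, the rule patterns, the sample path, the service and file names, and the telemetry records themselves are constructed assumptions; "Possible privilege escalation attempt" is left out because the page gives no detail on what triggers it.

```python
"""Map endpoint telemetry records to the signature names used in this report.

Added example for this page, not the sandbox's own rules (which the page does
not publish).  Field names (type / image / cmdline / target) are an assumption
loosely modelled on Sysmon process-create, registry-set, file-create and
image-load events; the records in SAMPLE_EVENTS are constructed, not taken
from the report.
"""
import re

SYSTEM32 = "c:\\windows\\system32\\"


def _img(ev, *names):
    """True for a process-create event whose image file name is in *names*."""
    return ev.get("type") == "process" and \
        ev["image"].lower().rsplit("\\", 1)[-1] in names


def _reg(ev, pattern):
    """True for a registry-set event whose value path matches *pattern*."""
    return ev.get("type") == "registry" and \
        re.search(pattern, ev["target"], re.I) is not None


# One rule per signature name; each is called as rule(event, sample_path).
# "Possible privilege escalation attempt" is omitted: the report gives no
# detail on what triggers it.
RULES = {
    "Grants admin privileges": lambda ev, _: (
        _img(ev, "net.exe", "net1.exe")
        and re.search(r"localgroup\s+administrators\s+\S+\s+/add",
                      ev["cmdline"], re.I) is not None),
    "Modifies RDP port number used by Windows": lambda ev, _: _reg(
        ev, r"\\terminal server\\winstations\\rdp-tcp\\portnumber$"),
    "Sets DLL path for service in the registry": lambda ev, _: _reg(
        ev, r"\\services\\[^\\]+\\parameters\\servicedll$"),
    # Sysmon does not log registry reads, so the geofence lookup is keyed on a
    # reg.exe query command line here (assumption: one of several ways to do it).
    "Checks computer location settings": lambda ev, _: (
        _img(ev, "reg.exe")
        and re.search(r"\\control panel\\international\\geo",
                      ev["cmdline"], re.I) is not None),
    "Modifies file permissions": lambda ev, _: _img(ev, "icacls.exe", "cacls.exe"),
    "Drops file in System32 directory": lambda ev, _: (
        ev.get("type") == "file" and ev["target"].lower().startswith(SYSTEM32)),
    # Needs the sample's on-disk path: a delete command naming that exact path.
    "Deletes itself": lambda ev, sample: (
        ev.get("type") == "process"
        and sample.lower() in ev["cmdline"].lower()
        and re.search(r"\bdel\b|remove-item", ev["cmdline"], re.I) is not None),
}


def match_signatures(events, sample_path):
    """Return {signature name: [indices of the events that fired it]}.

    "Loads dropped DLL" is stateful: an image-load whose path was written by an
    earlier file-create event in the same stream.
    """
    hits = {}
    dropped = set()
    for idx, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev, sample_path):
                hits.setdefault(name, []).append(idx)
        if ev.get("type") == "file":
            dropped.add(ev["target"].lower())
        elif ev.get("type") == "imageload" and ev["target"].lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(idx)
    return hits


# Constructed sample telemetry (hypothetical paths and names, not from the report).
SAMPLE_PATH = "C:\\Users\\victim\\Downloads\\sample.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": "C:\\Windows\\System32\\net.exe",
     "cmdline": "net localgroup administrators backdoor /add"},
    {"type": "registry", "target": "HKLM\\SYSTEM\\CurrentControlSet\\Control"
     "\\Terminal Server\\WinStations\\RDP-Tcp\\PortNumber"},
    {"type": "registry", "target": "HKLM\\SYSTEM\\CurrentControlSet\\Services"
     "\\UpdSvc\\Parameters\\ServiceDll"},
    {"type": "process", "image": "C:\\Windows\\System32\\reg.exe",
     "cmdline": "reg query \"HKCU\\Control Panel\\International\\Geo\" /v Nation"},
    {"type": "process", "image": "C:\\Windows\\System32\\icacls.exe",
     "cmdline": "icacls C:\\Windows\\System32\\updsvc.dll /grant Everyone:F"},
    {"type": "file", "target": "C:\\Windows\\System32\\updsvc.dll"},
    {"type": "imageload", "target": "C:\\Windows\\System32\\updsvc.dll"},
    {"type": "process", "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd /c del \"" + SAMPLE_PATH + "\""},
    {"type": "process", "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for name, idxs in match_signatures(SAMPLE_EVENTS, SAMPLE_PATH).items():
        print(f"{name}: events {idxs}")
```

Two caveats matter when running this against real telemetry. "Deletes itself" can only be decided if the sample's on-disk path is known, so a hunt has to carry that path in from the delivery record. The geofence lookup is a registry read, which Sysmon does not record at all; the reg.exe command-line rule above catches one way of doing the lookup and will miss an in-process RegQueryValueEx or a PowerShell Get-ItemProperty, so for that signature the sandbox's API-level view is strictly better than host logs.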