General
Target: 6fc4c4c05cb5e2d214f24dbc734aee31_JaffaCakes118
Size: 39.4MB
Sample: 240524-zdgafaaf22
MD5: 6fc4c4c05cb5e2d214f24dbc734aee31
SHA1: cba43f751e4da89bf4ffca4c0cef2ee4f6cab8ad
SHA256: 1136a4fa8ec2767d2e8cc5c393102ba5d14d154853e3dd446e08a395f03dc69c
SHA512: 84e5c90516926b7ef3163159727e3f58ebc43f3b5bd69e843754232ead914bb983c88cd633d965bb400d3d6ace69204e43962e5a806c92c4049b90c72a36bc41
SSDEEP: 786432:6kxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHX:6sdqqez9H7wWPRt3f3bXo1wNh
Static task: static1
Behavioral task: behavioral1
Sample: 6fc4c4c05cb5e2d214f24dbc734aee31_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 6fc4c4c05cb5e2d214f24dbc734aee31_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 6fc4c4c05cb5e2d214f24dbc734aee31_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (2)
Windows Service (2)
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Browser Extensions (1)
Privilege Escalation
Create or Modify System Process (2)
Windows Service (2)
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Defense Evasion
Modify Registry (5)
Impair Defenses (1)
Disable or Modify System Firewall (1)
Subvert Trust Controls (1)
Install Root Certificate (1)