General
Target: 77dd2e67ae3a0d69f2c7b8d8619e9d9d_JaffaCakes118
Size: 142KB
Sample: 240527-erskeagf84
MD5: 77dd2e67ae3a0d69f2c7b8d8619e9d9d
SHA1: 4736ebc4bcc6dea80889ca46575a0d9d10ee05f9
SHA256: c980f397ea8ed1320a3cb81a5e347bd60794bd54e2d7348aee8a7adea1b1beb4
SHA512: deb8ad9fd4693cb01d158a416105345c8a6e62690654bacfcc49947a684c87167618d1bfec1df83701d4e388ad00490771bf3ed47cc5d953b167fd0c6cbf2b5c
SSDEEP: 3072:y9Tpm/Wn628w6rzTkYfiL2+jKfgi4m5nuGFU6W6WN06QUj:teizwFLnKP46uC2
Static task: static1
Behavioral task: behavioral1
  Sample: 77dd2e67ae3a0d69f2c7b8d8619e9d9d_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 77dd2e67ae3a0d69f2c7b8d8619e9d9d_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
Target: 77dd2e67ae3a0d69f2c7b8d8619e9d9d_JaffaCakes118 (142KB; same hashes as listed under General)
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2): Windows Service (2)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (2): Windows Service (2)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)