General
Target: 781bbdb421a473206fc37919f28a27db_JaffaCakes118
Size: 2.1MB
Sample: 240527-gjve5sab7v
MD5: 781bbdb421a473206fc37919f28a27db
SHA1: d85b45996684e12dabcedcd03a5c8e0bdd6f1935
SHA256: 366d8b84a43a528e6aaf9ecfc38980b148f983967803914471ccf011b9bb0832
SHA512: 185c48044eeeadca08888218c915a5d0513f7439655aa101bf5615ccfa0ba43ff69712c63c09b53bd1cf0379ddd867e1f9fdd7638136a8bd30ce02dbff06bfb7
SSDEEP: 24576:qizYdhBFmZ7r13eUY1fbmfXQrtvU6VmgEBoYnQxQWY6wuc4OAN55mYvxwCvil6kF:qizYdLFc3ggPOfV8FNorROT
Behavioral task: behavioral1
Sample: 781bbdb421a473206fc37919f28a27db_JaffaCakes118.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 781bbdb421a473206fc37919f28a27db_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 781bbdb421a473206fc37919f28a27db_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)