General
Target: 7d8d129ee9642a1868f60a9f63d8c67c_JaffaCakes118
Size: 478 KB
Sample: 240528-thp59acc78
MD5: 7d8d129ee9642a1868f60a9f63d8c67c
SHA1: 28bf7acaca4ca82963c5b38d4f84aa392bdf5a38
SHA256: 16fc6578dcf9557b60a9c2ae06e1d5b69e2d90b5f9a7ad0fa4d9590fea01d0b2
SHA512: fbf5499d11cf5d283a9248394268f6348520d17528c049cc45027f52c741f858ca199798d1217ee5d19a9622c3e8a2c5f8707f0914fc623cc8b640f7191e7fd5
SSDEEP: 12288:ztnoObsp0q7X3Z3Q1QoI1zj9YX+50c/XZ:yOWX3JoI1juX+6up
Static task: static1
Behavioral task: behavioral1
  Sample: 7d8d129ee9642a1868f60a9f63d8c67c_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 7d8d129ee9642a1868f60a9f63d8c67c_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 7d8d129ee9642a1868f60a9f63d8c67c_JaffaCakes118 (478 KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
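The three registry persistence mechanisms and the country-code lookup named in the signatures above can be audited on a host suspected of having run the sample. The script below is an added example, not output or code from the sandbox report. It assumes stock Windows Shell and Userinit values for the Winlogon baseline, assumes HKCU\Control Panel\International\Geo\Nation is the country-code value the geofence signature refers to, and uses its own "user-writable path" heuristic to mark Active Setup stubs; confirm the baseline against a known-good host of the same build before acting on a finding.

```powershell
# Added example (not part of the sandbox report): audit the registry locations behind the
# report's persistence and geofence signatures. Run from an elevated PowerShell 5.1+ prompt
# on the suspect host. Key paths are stock Windows locations; the Winlogon baseline values,
# the Geo\Nation mapping and the user-writable-path heuristic are assumptions.

$ErrorActionPreference = 'SilentlyContinue'
$findings = New-Object System.Collections.Generic.List[string]

# 1. Winlogon Helper DLL (T1547.004), the "Modifies WinLogon for persistence" signature.
#    Shell and Userinit are the values most often hijacked; compare them with stock defaults.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonBaseline = @{                       # assumed stock values; verify on a clean host
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe,'
}
$wl = Get-ItemProperty -Path $winlogonKey
foreach ($name in $winlogonBaseline.Keys) {
    $actual = [string]$wl.$name
    if ($actual -and ($actual.Trim() -ine $winlogonBaseline[$name])) {
        $findings.Add("[WINLOGON] $name = '$actual' (expected '$($winlogonBaseline[$name])')")
    }
}

# 2. Registry Run keys (T1547.001), covering both "Adds Run key" and "Adds policy Run key".
#    Policies\Explorer\Run is started by Explorer at logon like Run, but is rarely inspected,
#    so every entry found there is listed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$providerProps = '^PS(Path|ParentPath|ChildName|Drive|Provider)$'   # added by Get-ItemProperty
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match $providerProps) { continue }
        $tag = if ($key -like '*\Policies\*') { '[POLICY-RUN]' } else { '[RUN]' }
        $findings.Add("$tag $key\$($p.Name) = $($p.Value)")
    }
}

# 3. Active Setup, the "Modifies Installed Components in the registry" signature. Each
#    Installed Components\{GUID} with a StubPath runs once per user at logon. Heuristic
#    (assumption): mark with '!' any stub that executes from a user-writable location.
$userWritable = '(?i)(\\Users\\|%APPDATA%|%LOCALAPPDATA%|%TEMP%|%TMP%|%PUBLIC%|\\ProgramData\\)'
$activeSetupRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($root in $activeSetupRoots) {
    foreach ($comp in (Get-ChildItem -Path $root)) {
        $stub = [string](Get-ItemProperty -Path $comp.PSPath).StubPath
        if (-not $stub) { continue }
        $mark = if ($stub -match $userWritable) { '!' } else { ' ' }
        $findings.Add("[ACTIVESETUP]$mark $($comp.PSChildName) StubPath = $stub")
    }
}

# 4. Geofence: the "Checks computer location settings" signature describes a read of the
#    configured country code; Geo\Nation is assumed to be that value. Nothing to remediate,
#    but it explains why the sample may behave differently in another locale.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo'
if ($geo) { $findings.Add("[GEO] Nation = $($geo.Nation)  Name = $($geo.Name)") }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it under the account that executed the sample as well as an administrator, since the HKCU locations differ per user. The remaining signatures (dropped EXE/DLL and SetThreadContext) are process-level behaviour with no registry footprint and are not covered by this check.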
MITRE ATT&CK Enterprise v15
Persistence (TA0003)
  Boot or Logon Autostart Execution (T1547): 4 signatures
    Registry Run Keys / Startup Folder (T1547.001): 3 signatures
    Winlogon Helper DLL (T1547.004): 1 signature
Privilege Escalation (TA0004)
  Boot or Logon Autostart Execution (T1547): 4 signatures
    Registry Run Keys / Startup Folder (T1547.001): 3 signatures
    Winlogon Helper DLL (T1547.004): 1 signature