General
-
Target
8132332c461befdc9b07c5f1ad905587_JaffaCakes118
-
Size
1.8MB
-
Sample
240529-swd5gabc33
-
MD5
8132332c461befdc9b07c5f1ad905587
-
SHA1
0de3d739870edc5a1ace2351e77d42e6a96f4fc2
-
SHA256
6614cddcccb710d8c5a05812c57fa84d4f3d33692a2e78275f2dae7ce87fdbf4
-
SHA512
8e2911eb53c082e199d7d177247112f2c1d219a17fe77d900684a12a5ee508e610f369256d19afc6fa9b40633241c7927f01f49e28c6676bceabcb9ad8adad44
-
SSDEEP
24576:h+BFoK/DNYZcPue5p2pmyI+/e7eOt0VQ04F+zGyLAQAQy/jrn1XxiVEiINBv/D96:B
Static task
static1
Behavioral task
behavioral1
Sample
8132332c461befdc9b07c5f1ad905587_JaffaCakes118.rtf
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8132332c461befdc9b07c5f1ad905587_JaffaCakes118.rtf
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
8132332c461befdc9b07c5f1ad905587_JaffaCakes118
-
Size
1.8MB
-
MD5
8132332c461befdc9b07c5f1ad905587
-
SHA1
0de3d739870edc5a1ace2351e77d42e6a96f4fc2
-
SHA256
6614cddcccb710d8c5a05812c57fa84d4f3d33692a2e78275f2dae7ce87fdbf4
-
SHA512
8e2911eb53c082e199d7d177247112f2c1d219a17fe77d900684a12a5ee508e610f369256d19afc6fa9b40633241c7927f01f49e28c6676bceabcb9ad8adad44
-
SSDEEP
24576:h+BFoK/DNYZcPue5p2pmyI+/e7eOt0VQ04F+zGyLAQAQy/jrn1XxiVEiINBv/D96:B
-
Modifies firewall policy service
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
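The signatures above describe behaviour the sandbox observed; on an endpoint the same behaviour shows up as process-creation and registry events. The following is an added example, not part of this report and not the sandbox's own detection code: it encodes three of the listed signatures ("Process spawned unexpected child process" for an Office parent such as WINWORD.EXE opening an RTF, "Adds Run key to start application", and "Sets file execution options in registry") as simple rules over a constructed, Sysmon-style event stream. The event fields (mapped loosely from Sysmon event 1 process creation and event 13 registry value set), the allow-list of benign Office children, and every path and file name in the sample events are assumptions for illustration, not artifacts from this sample.

```python
"""Minimal detection logic for three behaviours from the sandbox report.

Added example; field names and sample events are constructed assumptions,
not data from the analysed sample.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Document-handling parents that should not normally launch new executables.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "wordpad.exe"}
# Children an Office process launches legitimately (print spooler proxy,
# error reporting). Assumed allow-list; tune to the environment.
BENIGN_OFFICE_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Registry paths (lower-cased substring matches) for the two persistence signatures.
RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run"          # also matches RunOnce
IFEO_MARKER = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"


@dataclass
class Event:
    kind: str          # "process" (creation) or "registry" (value set)
    image: str         # image path of the process producing the event
    parent: str = ""   # parent image path, process events only
    target: str = ""   # registry path written, registry events only


def _basename(path: str) -> str:
    """Return the lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events: Iterable[Event]) -> List[Tuple[str, str]]:
    """Run the three rules and return (rule_name, detail) pairs in event order."""
    findings: List[Tuple[str, str]] = []
    for ev in events:
        if ev.kind == "process":
            parent = _basename(ev.parent)
            child = _basename(ev.image)
            # Rule 1: an Office parent spawning anything outside its allow-list.
            if parent in OFFICE_PARENTS and child not in BENIGN_OFFICE_CHILDREN:
                findings.append(("unexpected_child", f"{parent} -> {child}"))
        elif ev.kind == "registry":
            target = ev.target.lower()
            # Rule 2: autostart via HKCU/HKLM ...\CurrentVersion\Run*.
            if RUN_KEY_MARKER in target:
                findings.append(("run_key", ev.target))
            # Rule 3: Image File Execution Options entries (e.g. a Debugger value).
            elif IFEO_MARKER in target:
                findings.append(("ifeo", ev.target))
    return findings


# Constructed sample events (hypothetical paths; not from the report).
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\splwow64.exe",
          parent=r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"),
    Event("process", r"C:\Users\Public\dropped.exe",
          parent=r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"),
    Event("process", r"C:\Windows\System32\notepad.exe",
          parent=r"C:\Windows\explorer.exe"),
    Event("registry", r"C:\Users\Public\dropped.exe",
          target=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    Event("registry", r"C:\Users\Public\dropped.exe",
          target=r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
                 r"\Image File Execution Options\taskmgr.exe\Debugger"),
    Event("registry", r"C:\Windows\System32\msiexec.exe",
          target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app"),
]


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:17s} {detail}")
```

Only the second process event and the first two registry events should fire; the spooler proxy child, the Explorer-launched Notepad, and the Uninstall key write are left alone. The allow-list is the part that needs care in production: too short and Protected View, add-in and printing flows generate noise, too long and a dropped executable launched under a look-alike name slips through.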
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)