General

Target: a10703677d0e427a756bbefad450a74d_JaffaCakes118
Size: 2.2MB
Sample: 240612-r3lx8asekr
MD5: a10703677d0e427a756bbefad450a74d
SHA1: 68fa6212bc1c2dc3ed7c79e859cae4cc1a12257b
SHA256: e2e88104cd583d83340a0cada31043d1e567aa0ea9fbeaf0f7495d2631ae99e5
SHA512: d4d80eb983a687080d4c328f7415a5c71b3ee450211a9998f9e2f5166365c26d7724f802b254a3ca3f3ce9138ace7566fd5139e5f920c366a0d034606f58c516
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZR:0UzeyQMS4DqodCnoe+iitjWww1
Behavioral task

Task: behavioral1
Sample: a10703677d0e427a756bbefad450a74d_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted family: pony
  http://don.service-master.eu/gate.php
  payload_url: http://don.service-master.eu/shit.exe
Targets

Target: a10703677d0e427a756bbefad450a74d_JaffaCakes118
Signatures:
  - Modifies WinLogon for persistence
  - Modifies visibility of hidden/system files in Explorer
  - Modifies Installed Components in the registry
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)