General
-
Target
a5cb865081e72c83905dd640334effe6_JaffaCakes118
-
Size
876KB
-
Sample
240613-qr13bsvdqq
-
MD5
a5cb865081e72c83905dd640334effe6
-
SHA1
2f0e341cd7dc302e310e1bedf8f2d859198b2d94
-
SHA256
817ef0bacbf02d851ba6872c6f3cb6e85d6fabd55a644ffa18feb4efa9225eae
-
SHA512
37e66b10c591d6bed45042fa6aa781334f64fd18db84bfdc5ef7d448bb6b55e8c8a5e635f9b72fa103ce5324edffb439f8efac458416c156c887bf0866fecac4
-
SSDEEP
24576:yRmJkcoQricOIQxiZY1WNdEOgmlzsC3F3iX:nJZoQrbTFZY1WNd+mlwM3iX
Static task
static1
Behavioral task
behavioral1
Sample
a5cb865081e72c83905dd640334effe6_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a5cb865081e72c83905dd640334effe6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
a5cb865081e72c83905dd640334effe6_JaffaCakes118
Score
10/10
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 3
Registry Run Keys / Startup Folder: 3
Create or Modify System Process: 1
Windows Service: 1