General
Target: aaa7c91c49b1217f6ee975aa643e32ef_JaffaCakes118
Size: 2.2MB
Sample: 240614-tt2cna1hrj
MD5: aaa7c91c49b1217f6ee975aa643e32ef
SHA1: 85b676c7efe425236382b2cb0ca4b08329c5dc96
SHA256: fb03de5893332f5a1d6d157c3e2e7a529d761845d358aa4158b129e2ce47cedd
SHA512: abaaf05de429dd13854a246c31cc8f096ee9f01bffc9023af59ac70bc885faca1ae60330460bfb6c348606024dfcab22b29c6ae9f66e96c17db28dae2b96eac3
SSDEEP: 24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZx:0UzeyQMS4DqodCnoe+iitjWwwF

Behavioral task
behavioral1
Sample: aaa7c91c49b1217f6ee975aa643e32ef_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config
Extracted
Family: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)