General
- Target: 05b02a023bdb0e2a9d113f7dd70e1f73_JaffaCakes118
- Size: 35KB
- Sample: 240620-nw1agszdlr
- MD5: 05b02a023bdb0e2a9d113f7dd70e1f73
- SHA1: 8f8e031cc94ccb71e037c9a1da497c3c1e297bbf
- SHA256: 58f03772054f76078e4338edcf2e43e36302243832565dfb5736df41603438fa
- SHA512: 8ad9f51ee2d17fb0de08fe92b3362a6e8b86759339a8644cdbca0a1c584a7e459b31d1dd9559fbe73717bb8075594bc837840dea692bc0e8b0b3e5ee9974b6bc
- SSDEEP: 768:DH787z80EvJuGLzZmhH1B3yBPgxPCxtHygW1DRQX/a/o9H9ySOH8J:DHyUJuYzZ6VkBomR2wSQHyfC
Behavioral task: behavioral1
- Sample: 05b02a023bdb0e2a9d113f7dd70e1f73_JaffaCakes118.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 05b02a023bdb0e2a9d113f7dd70e1f73_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 05b02a023bdb0e2a9d113f7dd70e1f73_JaffaCakes118
- Size: 35KB
- MD5: 05b02a023bdb0e2a9d113f7dd70e1f73
- SHA1: 8f8e031cc94ccb71e037c9a1da497c3c1e297bbf
- SHA256: 58f03772054f76078e4338edcf2e43e36302243832565dfb5736df41603438fa
- SHA512: 8ad9f51ee2d17fb0de08fe92b3362a6e8b86759339a8644cdbca0a1c584a7e459b31d1dd9559fbe73717bb8075594bc837840dea692bc0e8b0b3e5ee9974b6bc
- SSDEEP: 768:DH787z80EvJuGLzZmhH1B3yBPgxPCxtHygW1DRQX/a/o9H9ySOH8J:DHyUJuYzZ6VkBomR2wSQHyfC
Score: 8/10
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
- Image File Execution Options Injection (1)
- Pre-OS Boot (1)
- Bootkit (1)