General
Target: 0781e3c1b2cc979cc5b74487d2bc305e_JaffaCakes118
Size: 368KB
Sample: 240620-td83kawbma
MD5: 0781e3c1b2cc979cc5b74487d2bc305e
SHA1: 9dbc4368035a6014d34474dedaf56f32d7606b6f
SHA256: 3faba3d0fcb244dddca0e802fd08b41b7283b98a6c4a1aaea1b6041505e65667
SHA512: ae347479db38611e602a98f0232dc2f09ca4b4aeb4c48961d93ffc88ce7101dc8dd576559f4e3d9ef45aca6e507c697efb70131ea73cff519d8ae96f38ccf3ed
SSDEEP: 6144:qW2D389Nzjp3q/k+JfSt9ToekPhOtJaP9HYgzyKFJUfxE9v:ksq/k+JKjToBh6JVo1UOv
Static task: static1
Behavioral task: behavioral1
  Sample: 0781e3c1b2cc979cc5b74487d2bc305e_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0781e3c1b2cc979cc5b74487d2bc305e_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 0781e3c1b2cc979cc5b74487d2bc305e_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Adds policy Run key to start application
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Adds Run key to start application
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1
  Pre-OS Boot: 1
    Bootkit: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1