General
-
Target
01c2a20e232aa897744155200c3425ef_JaffaCakes118
-
Size
1.1MB
-
Sample
240622-mydntsyflq
-
MD5
01c2a20e232aa897744155200c3425ef
-
SHA1
63498bf869810100287f0bb664471b980e209c00
-
SHA256
33127e0920a5382d00a40cd072816801381e1e73ffd598179d071b9ed5525c12
-
SHA512
128d95c50d336a527d19a2b77979a768693c4801b5d269906331fee15702d7baeb169df0e73c45ff98d08c82e61952341bedaf32a7b63d248e27544980471041
-
SSDEEP
24576:2rHZ+/d474mfm4wIpr1I5OgwgZLUfdZG52hmaWv/0HwVgg:2rsOPfmcpicge1L9489g
Static task
static1
Behavioral task
behavioral1
Sample
01c2a20e232aa897744155200c3425ef_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
01c2a20e232aa897744155200c3425ef_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
01c2a20e232aa897744155200c3425ef_JaffaCakes118
-
Score
10/10
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-