General
- Target: 0a997b7a64cc868fdf8f462d7d64b39c_JaffaCakes118
- Size: 11.7MB
- Sample: 240624-yvnkeatemn
- MD5: 0a997b7a64cc868fdf8f462d7d64b39c
- SHA1: d3fa7d86bbc79eddc267c9609a1a396944033fcf
- SHA256: c7b71ddfb4b1d6b5f25866b12c5c2ea486242cad1b094b36f465a2313b85daea
- SHA512: cc4ecc5ee660f131bd9a9326297c9efd69772482aed6373e408d6b4620523a451b9cf83164e945d940cf3ebd43a96c44d19eb40a121405ef568a95084c12bb2d
- SSDEEP: 196608:7tPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPX:7
Static task: static1
Behavioral task: behavioral1
- Sample: 0a997b7a64cc868fdf8f462d7d64b39c_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 0a997b7a64cc868fdf8f462d7d64b39c_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- tofsee
- defeatwax.ru
- refabyd.info
Targets
- Target: 0a997b7a64cc868fdf8f462d7d64b39c_JaffaCakes118
  - Size: 11.7MB
  - MD5: 0a997b7a64cc868fdf8f462d7d64b39c
  - SHA1: d3fa7d86bbc79eddc267c9609a1a396944033fcf
  - SHA256: c7b71ddfb4b1d6b5f25866b12c5c2ea486242cad1b094b36f465a2313b85daea
  - SHA512: cc4ecc5ee660f131bd9a9326297c9efd69772482aed6373e408d6b4620523a451b9cf83164e945d940cf3ebd43a96c44d19eb40a121405ef568a95084c12bb2d
  - SSDEEP: 196608:7tPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPX:7
  - Creates new service(s)
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)