General
-
Target
0fc648733d5a38a1de14bd0090f56c58_JaffaCakes118
-
Size
972KB
-
Sample
240625-2gyp1azfjq
-
MD5
0fc648733d5a38a1de14bd0090f56c58
-
SHA1
cfc0981e181739adc583492d7e09f97a8a95f3d9
-
SHA256
acea6dba17f0a4340832f0c8c017950bd87266cf56283d077b101215a07be1f9
-
SHA512
0a90e0dfb04df63c04d4a828ff56dce58e5aa3af55db5734d5c42b812afd1d9214df86a7273ea6d4df1266199b14a2b94e122d9537d050aa34804a73d6ba360e
-
SSDEEP
24576:bh6HHHHHHHHHHHHHHHHHp38ccsQEn97CFp3hBtUI1zT0U2W:bKLPqEo
Static task
static1
Behavioral task
behavioral1
Sample
0fc648733d5a38a1de14bd0090f56c58_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Targets
-
-
Target
0fc648733d5a38a1de14bd0090f56c58_JaffaCakes118
-
Size
972KB
-
MD5
0fc648733d5a38a1de14bd0090f56c58
-
SHA1
cfc0981e181739adc583492d7e09f97a8a95f3d9
-
SHA256
acea6dba17f0a4340832f0c8c017950bd87266cf56283d077b101215a07be1f9
-
SHA512
0a90e0dfb04df63c04d4a828ff56dce58e5aa3af55db5734d5c42b812afd1d9214df86a7273ea6d4df1266199b14a2b94e122d9537d050aa34804a73d6ba360e
-
SSDEEP
24576:bh6HHHHHHHHHHHHHHHHHp38ccsQEn97CFp3hBtUI1zT0U2W:bKLPqEo
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2