General

Target: 0ce693e05dec6245b7435a024fcd36b2_JaffaCakes118
Size: 140KB
Sample: 240625-gle38stdjf
MD5: 0ce693e05dec6245b7435a024fcd36b2
SHA1: b7d6b0b38b59901e24f38c27ff6755937bca11e6
SHA256: 19a8bf385291d1e2f96febffe0a35cc4546cb2e1d677f4e786feabfe91fb67eb
SHA512: 94e8843c97945227589ce517877b4fe57991acf125313b40851efd05f71c67b2c4534ecedc0cc4ee7625119143874a683831384c6da73f6f1623ba480f9668b0
SSDEEP: 3072:dF/UgaKuVIAMAYk9MZflw8ddddddddddddddddddddddJrrrttZGDuqvxL20p:DJWVIApm/ddddddddddddddddddddddy
Static task: static1

Behavioral task: behavioral1
  Sample: 0ce693e05dec6245b7435a024fcd36b2_JaffaCakes118.exe
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 0ce693e05dec6245b7435a024fcd36b2_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config

Targets

Target: 0ce693e05dec6245b7435a024fcd36b2_JaffaCakes118
Size: 140KB
MD5: 0ce693e05dec6245b7435a024fcd36b2
SHA1: b7d6b0b38b59901e24f38c27ff6755937bca11e6
SHA256: 19a8bf385291d1e2f96febffe0a35cc4546cb2e1d677f4e786feabfe91fb67eb
SHA512: 94e8843c97945227589ce517877b4fe57991acf125313b40851efd05f71c67b2c4534ecedc0cc4ee7625119143874a683831384c6da73f6f1623ba480f9668b0
SSDEEP: 3072:dF/UgaKuVIAMAYk9MZflw8ddddddddddddddddddddddJrrrttZGDuqvxL20p:DJWVIApm/ddddddddddddddddddddddy

Signatures raised:
- Modifies WinLogon for persistence: Winlogon registry values are changed so that the payload is launched at every logon.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot: the sample registers itself to run in Safe Mode, where most endpoint defenses are not loaded.
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (count of matching signatures per technique)

Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
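The signature list and the ATT&CK table above are what the sandbox raised. As an added example (not the sandbox's own code), the Python triage helper below first confirms that a file on disk carries the hashes this report lists, then maps a log of registry and file operations to those same signatures and technique IDs. The registry locations it matches (Winlogon Shell/Userinit/Notify, Run/RunOnce, SafeBoot\Minimal and \Network, the BIOS values under HARDWARE\DESCRIPTION\System) are the usual places such signatures look, not values taken from this report, which does not show the exact keys the sample touched. The event log is constructed, and the T1497.001 mapping for the BIOS check is an assumption, since the report's ATT&CK table does not list it.

```python
"""Triage helper for a sandbox report of this kind (added example, not the
sandbox's code): verify the sample's identity, then classify logged operations
against the report's signatures and ATT&CK technique IDs."""
import hashlib
import re

# Hashes exactly as the report lists them; SHA-512 is omitted here only for brevity.
REPORT_HASHES = {
    "md5": "0ce693e05dec6245b7435a024fcd36b2",
    "sha1": "b7d6b0b38b59901e24f38c27ff6755937bca11e6",
    "sha256": "19a8bf385291d1e2f96febffe0a35cc4546cb2e1d677f4e786feabfe91fb67eb",
}


def hash_sample(data: bytes) -> dict:
    """Return the four digests a report like this one carries, lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every hash in `expected` agrees. Always compare SHA-256 (or
    SHA-512) as well as MD5: MD5 collisions are cheap to manufacture."""
    got = hash_sample(data)
    return all(got.get(alg) == val.lower() for alg, val in expected.items())


# (report signature, ATT&CK technique, operations that trigger it, path pattern).
# Paths are assumed typical locations, not keys shown in the report.
RULES = [
    ("Modifies WinLogon for persistence", "T1547.004 Winlogon Helper DLL",
     {"RegSetValue"},
     re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(?:Shell|Userinit|Notify)", re.I)),
    ("Adds Run key to start application", "T1547.001 Registry Run Keys / Startup Folder",
     {"RegSetValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\", re.I)),
    ("Drops startup file", "T1547.001 Registry Run Keys / Startup Folder",
     {"CreateFile"},
     re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    ("Impair Defenses: Safe Mode Boot", "T1562.009 Safe Mode Boot",
     {"RegCreateKey", "RegSetValue"},
     re.compile(r"\\CurrentControlSet\\Control\\SafeBoot\\(?:Minimal|Network)\\", re.I)),
    ("Checks BIOS information in registry",
     "T1497.001 System Checks (assumed mapping; not in the report's table)",
     {"RegQueryValue"},
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:SystemBiosVersion|VideoBiosVersion|BIOS\\)", re.I)),
]


def classify_events(events):
    """events: iterable of (operation, path) pairs as a sandbox log would record
    them. Returns the sorted, de-duplicated (signature, technique) pairs that fired."""
    hits = set()
    for op, path in events:
        for signature, technique, ops, pattern in RULES:
            if op in ops and pattern.search(path):
                hits.add((signature, technique))
    return sorted(hits)


# Constructed event log illustrating the shape; not the real sample's behaviour.
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"),
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    ("CreateFile", r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"),
    ("RegCreateKey", r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\updater.sys"),
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),  # benign
]

if __name__ == "__main__":
    for signature, technique in classify_events(SAMPLE_EVENTS):
        print(f"{signature:40s} -> {technique}")
```

Run `matches_report(open(path, "rb").read())` before handling a downloaded copy of the sample; a False result means the file is not the one this report describes, whatever its name says.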