General
-
Target
0d1888d8cf25c90916c9894de5a888ac_JaffaCakes118
-
Size
364KB
-
Sample
240625-hfpwxsybrp
-
MD5
0d1888d8cf25c90916c9894de5a888ac
-
SHA1
865d449093230392f07cc3fa05534e743ea1f33d
-
SHA256
03a2c1ce541195a79d2b313a6598e3f6c5d45d0d32e563d3e913f0367d14c758
-
SHA512
9b5b90002a7ce319379b9e01afebe8b1f1c67565fa30c2a541e4c051e10b38bad433fa9e1ba4e0d2b91ae466ce4bbefaa01e4d1b733582c1e6d38ab873a20bf1
-
SSDEEP
6144:hXT/KJNp0kKeZ8czpB61SK00Gw7bnOaIaWjoWzYAOxjpI:h/KxYczr613x7bnjImwYAOxjpI
Static task
static1
Behavioral task
behavioral1
Sample
0d1888d8cf25c90916c9894de5a888ac_JaffaCakes118.dll
Resource
win7-20240508-en
Malware Config
Targets
-
Target
0d1888d8cf25c90916c9894de5a888ac_JaffaCakes118
(size and hashes identical to the General section above)
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS vendor and version strings stored in the registry are commonly read to detect virtual machines and sandboxes before the payload runs.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
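The persistence signatures above (Winlogon modification, Run key, SafeBoot entry, dropped startup file) name the registry locations a responder should inspect on a host that ran this sample. The following script is an added example, not part of this report or the sandbox's own tooling: it diffs a registry snapshot against a known-good baseline for the Winlogon Shell/Userinit values, both Run keys and the SafeBoot service lists, and additionally flags any Run entry that points into a user-writable directory. The baseline and post-detonation snapshot are constructed sample data; the report does not disclose the sample's actual registry writes, so the paths and value names below are illustrative only. On a Windows host, read_live_snapshot() collects the same keys through winreg.

```python
"""Autostart triage for the registry locations flagged in the report.

Added example, not part of the sandbox report. BASELINE and INFECTED are
constructed sample data; the real sample's registry writes are not given
in the report, so the names and paths here are illustrative.
"""
import re
from typing import Dict, List, Tuple

Snapshot = Dict[str, Dict[str, str]]  # key path -> {value or subkey name: data}

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
SAFEBOOT_KEYS = (  # subkeys whose default value is "Driver", "Service" or a class name
    r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal",
    r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network",
)
MONITORED = (WINLOGON_KEY,) + RUN_KEYS + SAFEBOOT_KEYS

# Documented Windows defaults for the two Winlogon values malware appends to
# (Winlogon Helper DLL / Shell hijack, ATT&CK T1547.004).
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# A Run entry (T1547.001) pointing into a user-writable directory is a common
# marker of a dropped-and-registered payload.
USER_WRITABLE = re.compile(
    r"\\(AppData|Users\\Public|ProgramData|Temp)\\|%(appdata|temp|localappdata)%",
    re.IGNORECASE,
)


def _norm(data: str) -> str:
    return data.strip().strip('"').lower()


def find_autostart_changes(snapshot: Snapshot, baseline: Snapshot) -> Dict[Tuple[str, str], dict]:
    """Return {(key, name): {"data": ..., "reasons": [...]}} for suspicious entries."""
    findings: Dict[Tuple[str, str], dict] = {}

    def flag(key: str, name: str, data: str, reason: str) -> None:
        findings.setdefault((key, name), {"data": data, "reasons": []})["reasons"].append(reason)

    for key in MONITORED:  # 1. anything new or changed relative to the baseline
        known = baseline.get(key, {})
        for name, data in snapshot.get(key, {}).items():
            if name not in known:
                flag(key, name, data, "new entry")
            elif _norm(known[name]) != _norm(data):
                flag(key, name, data, "changed entry")
    for name, default in WINLOGON_DEFAULTS.items():  # 2. Winlogon vs documented defaults
        data = snapshot.get(WINLOGON_KEY, {}).get(name)
        if data is not None and _norm(data) != _norm(default):
            flag(WINLOGON_KEY, name, data, "winlogon default overridden")
    for key in RUN_KEYS:  # 3. Run entries living in user-writable locations
        for name, data in snapshot.get(key, {}).items():
            if USER_WRITABLE.search(data):
                flag(key, name, data, "run entry in user-writable path")
    return findings


def read_live_snapshot() -> Snapshot:
    """Collect the monitored keys from the local machine (Windows only)."""
    import winreg  # only available on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap: Snapshot = {}
    for path in MONITORED:
        hive, _, sub = path.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                entries: Dict[str, str] = {}
                if path in SAFEBOOT_KEYS:  # enumerate subkeys and their default values
                    for i in range(winreg.QueryInfoKey(k)[0]):
                        name = winreg.EnumKey(k, i)
                        entries[name] = winreg.QueryValue(k, name)
                else:  # enumerate named values
                    for i in range(winreg.QueryInfoKey(k)[1]):
                        name, data, _ = winreg.EnumValue(k, i)
                        entries[name] = str(data)
                snap[path] = entries
        except OSError:
            continue
    return snap


# Constructed baseline resembling a clean Windows 7 image (the report's win7 task).
BASELINE: Snapshot = {
    WINLOGON_KEY: dict(WINLOGON_DEFAULTS),
    RUN_KEYS[0]: {"VMware User Process": r'"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr'},
    RUN_KEYS[1]: {},
    SAFEBOOT_KEYS[0]: {"vga.sys": "Driver"},
    SAFEBOOT_KEYS[1]: {"vga.sys": "Driver"},
}

# Constructed post-detonation snapshot (illustrative names, not the real sample's).
INFECTED: Snapshot = {
    WINLOGON_KEY: {"Shell": r"explorer.exe,C:\Windows\System32\svchost32.exe",
                   "Userinit": WINLOGON_DEFAULTS["Userinit"]},
    RUN_KEYS[0]: {**BASELINE[RUN_KEYS[0]], "Updater": r"C:\Windows\System32\svchost32.exe"},
    RUN_KEYS[1]: {"WinUpdate": r"C:\Users\admin\AppData\Roaming\winupd.exe"},
    SAFEBOOT_KEYS[0]: {"vga.sys": "Driver", "svchost32": "Service"},
    SAFEBOOT_KEYS[1]: {"vga.sys": "Driver"},
}

if __name__ == "__main__":
    for (key, name), hit in find_autostart_changes(INFECTED, BASELINE).items():
        print(f"{', '.join(hit['reasons'])}: {key}\\{name} = {hit['data']}")
```

On the constructed data the script reports four entries: the appended Winlogon Shell value (both as a baseline change and as a deviation from the documented default), a new Run entry in System32, a new Run entry under AppData (also flagged as user-writable), and a new SafeBoot service. A real baseline should come from a golden image of the same build; the Winlogon default check is the only heuristic that works without one.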
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 2
Registry Run Keys / Startup Folder (T1547.001): 1
Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Boot or Logon Autostart Execution (T1547): 2
Registry Run Keys / Startup Folder (T1547.001): 1
Winlogon Helper DLL (T1547.004): 1