General
Target: 0e5c792beac4688855f7b1546d77d7fa_JaffaCakes118
Size: 109KB
Sample: 240625-rfw5nsxdkj
MD5: 0e5c792beac4688855f7b1546d77d7fa
SHA1: 9c0b2575945349994d541b88584ec188e994e7d6
SHA256: 9bfdecb3b2352f79da808e09402dfce008c0e14e5be6a13d0709a7a2e11de6fb
SHA512: 0cd8ff79c13afd7079cf8faa5a1840c0ee24d3835e7641b1430012564571edcc39e0d53095cc38988f6cafd78ca0ada3e19e84c88086555ccee13a212fdc02f7
SSDEEP: 3072:jgeWPCmabC3YUSlr6WzA9dLy/R5jwaaHw7Koj4rX/ej:c4PtUSlrdydm/v

Static task: static1
Behavioral task: behavioral1
Sample: 0e5c792beac4688855f7b1546d77d7fa_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config

Targets
Target: 0e5c792beac4688855f7b1546d77d7fa_JaffaCakes118
Size: 109KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed in the General section above.

- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)