General
Target: 0e8b7284c721e2c8b7b7532da050a55a_JaffaCakes118
Size: 216KB
Sample: 240625-snj1razgnq
MD5: 0e8b7284c721e2c8b7b7532da050a55a
SHA1: 6840eac06df931808ce7c0f21b90129e8f2dcc6d
SHA256: 2f5eb4b47c76941b43df6ce404bedcd77f10e4fdfa1cc351d201f24de9589f7b
SHA512: b1d334af757639549d97f63bf9711ca59ff5a20129ab111141d0e71718fec8427a38d2902a62415b531bb3ee7165dca5a3c53ba0f433f7015f9d753516a05d2a
SSDEEP: 3072:hp7vf4zHXP4Zq5b/S5JgqcOwJLgTN4/6oSyOXSZOz9KBVEpEE:Mz/aUK5JgqcOwOTeSycSZOzUQpf
Static task: static1
Behavioral task: behavioral1
Sample: 0e8b7284c721e2c8b7b7532da050a55a_JaffaCakes118.exe
Resource: win7-20240419-en
Targets
- Modifies WinLogon for persistence
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Checks computer location settings (Looks up the country code configured in the registry, likely a geofence.)
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)