General
-
Target
0ef44c4fceb85bfe07aa7d415f6c1f73_JaffaCakes118
-
Size
613KB
-
Sample
240625-v77l9stcqh
-
MD5
0ef44c4fceb85bfe07aa7d415f6c1f73
-
SHA1
78eda623922c0bb816bf8447842872a13e2a47dc
-
SHA256
a1766cb6a6fa7efd1e9e1d67c0c2162886cd199dd5be80c8ce0306bdc153c9fc
-
SHA512
4736f0280790b96f5a80be6ab48086013720b3d1be7c18e5cd26cc369ecbb12140bd1c526978a83b6f4d91134d9589254df7edfd585bb005981a579564405fd1
-
SSDEEP
12288:3ZWtI6Rk3eZJys73dOvXDpNjNe8TOB0vkurLkA:3uha3eZJ8NI8TOAnkA
Behavioral task
behavioral1
Sample
0ef44c4fceb85bfe07aa7d415f6c1f73_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0ef44c4fceb85bfe07aa7d415f6c1f73_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
0ef44c4fceb85bfe07aa7d415f6c1f73_JaffaCakes118
-
Score
10/10
-
Modifies visibility of file extensions in Explorer
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)