General
Target: 0f1a48f8d3f49695f56dec690a5cc3f4_JaffaCakes118
Size: 283KB
Sample: 240625-w6tjpawbmb
MD5: 0f1a48f8d3f49695f56dec690a5cc3f4
SHA1: f1fbd22f1b1a6348ccc6163d89d7034b6f1e3047
SHA256: de84c71f5b81ffd761acdc89741a382101743bab97e6cd4aa142081870eb5630
SHA512: 30f21d6db2d1f3e48364cc2a56442a7dc4b4b09c12cf89b041a84286d9cc07be49bb5a589184552b104343f98413f3bbbeaccd6b0858ea744f57aa0be0eb59e1
SSDEEP: 6144:4IdcdP1EUU+nBdH6h3RgokhoqN5RN4JZ2c769/czyO7:zdcPEKmh3RRgN4Joc769kZ
Static task: static1
Behavioral task: behavioral1 (sample 0f1a48f8d3f49695f56dec690a5cc3f4_JaffaCakes118.exe, resource win7-20240419-en)
Behavioral task: behavioral2 (sample 0f1a48f8d3f49695f56dec690a5cc3f4_JaffaCakes118.exe, resource win10v2004-20240611-en)
Malware Config
Extracted family: sality
Extracted C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
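The four URLs above are the actionable network indicators in this report. The script below is an added example, not part of the sandbox report or of the Sality sample: it takes the extracted C2 list, derives exact-URL and host-level indicators from it, and runs them over web-proxy log lines. The log lines are constructed for the demo, and the squid native access.log layout they follow is an assumption about the reader's environment. Because the report shows different paths on different hosts (/testo5/ versus /home.gif), a request to one of the hosts with an unknown path is still flagged, at host-level confidence.

```python
"""Hunt for this report's Sality C2 indicators in web-proxy logs.

Added example; not part of the sandbox report. The indicator list is the
report's extracted Sality config. The log lines are constructed for the demo
and the log layout (squid native access.log fields) is an assumption.
"""
from urllib.parse import urlparse

# C2 URLs exactly as listed in the report's Malware Config section.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed squid-style lines (assumed format):
# time elapsed client code/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1719300000.123 45 10.0.0.15 TCP_MISS/200 1532 GET http://kukutrustnet777.info/home.gif - HIER_DIRECT/203.0.113.9 image/gif
1719300001.456 12 10.0.0.15 TCP_MISS/404 512 GET http://89.119.67.154/testo5/ - HIER_DIRECT/89.119.67.154 text/html
1719300002.789 30 10.0.0.22 TCP_HIT/200 8192 GET http://example.com/index.html - HIER_NONE/- text/html
1719300003.111 20 10.0.0.31 TCP_MISS/200 1532 GET http://kukutrustnet888.info/other.bin - HIER_DIRECT/203.0.113.10 application/octet-stream
1719300004.222 18 10.0.0.40 TCP_MISS/200 700 GET http://cdn.kukutrustnet987.info/home.gif - HIER_DIRECT/203.0.113.11 image/gif
"""


def build_indicators(urls):
    """Split the C2 list into exact URLs and the hosts (or IPs) they live on.

    The report lists different paths on different hosts, so a host-only hit
    is still worth flagging, just with lower confidence than an exact URL.
    """
    exact = set()
    hosts = set()
    for u in urls:
        exact.add(u.rstrip("/"))
        hosts.add(urlparse(u).hostname.lower())
    return {"urls": exact, "hosts": hosts}


def parse_squid_line(line):
    """Return client IP and requested URL from one squid native log line."""
    fields = line.split()
    if len(fields) < 7:
        return None
    return {"client": fields[2], "url": fields[6]}


def classify(url, indicators):
    """Return 'url', 'host' or None depending on how closely the request matches."""
    if url.rstrip("/") in indicators["urls"]:
        return "url"
    host = (urlparse(url).hostname or "").lower()
    for ioc_host in indicators["hosts"]:
        # Exact host or a subdomain of an indicator host.
        if host == ioc_host or host.endswith("." + ioc_host):
            return "host"
    return None


def hunt(log_text, indicators):
    """Return one hit per matching log line, in file order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is None:
            continue
        match = classify(rec["url"], indicators)
        if match:
            hits.append({"client": rec["client"], "url": rec["url"], "match": match})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG, build_indicators(SALITY_C2_URLS)):
        print(f"{hit['match']:>4}  {hit['client']:<12} {hit['url']}")
```

Point it at a real access.log by replacing SAMPLE_LOG with the file contents; each hit names the internal client to triage, and a 'host' hit on an unseen path is a cue to pull the sample's current config rather than dismiss the request.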
Targets
Target: 0f1a48f8d3f49695f56dec690a5cc3f4_JaffaCakes118 (283KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (count of matching events in parentheses)
Persistence
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
- Event Triggered Execution, T1546 (1): Netsh Helper DLL, T1546.007 (1)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
- Event Triggered Execution, T1546 (1): Netsh Helper DLL, T1546.007 (1)