General
- Target: 0f1d1de179d852e9296788a6e14e9766_JaffaCakes118
- Size: 305KB
- Sample: 240625-w8jr9swcka
- MD5: 0f1d1de179d852e9296788a6e14e9766
- SHA1: ebf571e10a5926aa54afdc08e40482b21880646d
- SHA256: ea9cfeb6e144a60ac38cf952c874a903f21c43277a8445cc88e43d2cda8f4874
- SHA512: eb99b6ea0fc4cf3f5ebc2830d51ee20762661bdd4e632aea663b9b77d9950cadd5ccc5eeec85f562b2c2609d3f425d13dc85c388bd2826e9b1b240532198628b
- SSDEEP: 6144:rp0ZRO8Aueh8nEh/8JCn+fb+a9pIxGjYpdpFCxVD87:wtAZh8nEhUJbyZGjYpD4xV

Static task: static1

Behavioral task: behavioral1
- Sample: 0f1d1de179d852e9296788a6e14e9766_JaffaCakes118.dll
- Resource: win7-20240419-en
Malware Config
Targets
- Target: 0f1d1de179d852e9296788a6e14e9766_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)