General
-
Target
10b7c39a7b1975dc158b0d851e73b5a0_JaffaCakes118
-
Size
307KB
-
Sample
240626-e3e4fsxfnr
-
MD5
10b7c39a7b1975dc158b0d851e73b5a0
-
SHA1
a4f389c488d7f41ee426b840ff4ca695c015182c
-
SHA256
cd3e1b28f6a43a9412329e1e55400d3587b9674437ef7b602d655d0fd190c89a
-
SHA512
1540e9353b7e52a648fbd065d088a6f9856123a335869cf7b4e3154797ed6a2f3b897ec51c0ac05892644de99a5d1c46f6324d7e80735dd44a3011278cf04614
-
SSDEEP
6144:u0aYX6rO+MpmqaCOK15DetQv9hn0X0NONhIMabcy1iODqCRc:u0bKrHMpm85KtQvG0NO3eX1rpc
Static task
static1
Behavioral task
behavioral1
Sample
10b7c39a7b1975dc158b0d851e73b5a0_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (4)
Disable or Modify System Firewall (1)
Disable or Modify Tools (3)
Modify Registry (5)