General
-
Target
11cd3c605893ceb762c0364d2a69c431_JaffaCakes118
-
Size
120KB
-
Sample
240626-na5yvavcrr
-
MD5
11cd3c605893ceb762c0364d2a69c431
-
SHA1
8f4818fe01dbffb7e8562c0d462c4ca9012bb0a0
-
SHA256
1e3df6f32d7441c3d164b8a46b975fe66f1636a656b0bb5c4e1e1f69bc384e22
-
SHA512
233ea0ea1a44c5588311691876b5ca571edc8ac806b95501d829ab8ad55a46a34a1e20a254b36e25768f570e99f4b6e14d92d1951567f55cc0c158f86dc815c3
-
SSDEEP
3072:zAK0CBezOU+8isBve4bF3u5jwaaHw7Koj4rIPQFy:83z+svb1uzPQFy
Static task
static1
Behavioral task
behavioral1
Sample
11cd3c605893ceb762c0364d2a69c431_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Targets
-
Modifies Winlogon for persistence
Writes to Winlogon values (such as Userinit or Shell) so the payload is launched at every interactive logon.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether to run.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
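The persistence and defense-impairment signatures above (Winlogon modification, Run key, dropped startup file, Safe Mode Boot) all leave traces in a handful of registry locations. The script below is an added triage example, not part of the sandbox report and not code from the sample; it works on a flat snapshot `{key_path: {value_name: data}}` that you would build from an exported hive or a live query, and the snapshot and the SafeBoot baseline it uses are constructed for illustration. The expected Userinit and Shell values are the stock Windows defaults; the SafeBoot check compares against a known-good list you supply rather than a baseline guessed here.

```python
"""Offline triage of the registry locations flagged by the report's signatures.

Added example: checks Winlogon hooks, Run-key entries pointing into user-writable
directories, and SafeBoot subkeys missing from a known-good baseline.
"""
import re

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock values on a clean install; anything appended is a logon persistence hook.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"
RUN_KEYS = [
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
]
SAFEBOOT = r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot"
# Directories an unprivileged process can write to; a Run entry pointing here is
# the classic "drops startup file + adds Run key" pattern.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata\\|programdata\\|temp\\)", re.I)


def _parts(data):
    """Split a comma-separated REG_SZ (Userinit, Shell) into normalised entries."""
    return [p.strip().strip('"').lower() for p in data.split(",") if p.strip()]


def check_winlogon(reg):
    """Report every Userinit/Shell entry beyond the stock binaries."""
    vals = reg.get(WINLOGON, {})
    findings = []
    for entry in _parts(vals.get("Userinit", EXPECTED_USERINIT)):
        if entry != EXPECTED_USERINIT:
            findings.append(("winlogon", "Userinit", entry))
    for entry in _parts(vals.get("Shell", EXPECTED_SHELL)):
        if entry != EXPECTED_SHELL:
            findings.append(("winlogon", "Shell", entry))
    return findings


def check_run_keys(reg):
    """Report Run/RunOnce entries whose command lives in a user-writable path."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in reg.get(key, {}).items():
            if USER_WRITABLE.search(cmd):
                findings.append(("run_key", f"{key}\\{name}", cmd))
    return findings


def check_safeboot(reg, baseline):
    """Report SafeBoot\\Minimal or \\Network subkeys absent from a known-good
    baseline: a service listed there is started even in Safe Mode."""
    known = {b.lower() for b in baseline}
    findings = []
    for path, vals in reg.items():
        if not path.lower().startswith(SAFEBOOT.lower() + "\\"):
            continue
        rel = path[len(SAFEBOOT) + 1:]          # e.g. Minimal\evilsvc
        if "\\" in rel and rel.lower() not in known:
            findings.append(("safeboot", rel, vals.get("", "")))  # "" = (Default)
    return findings


def triage(reg, safeboot_baseline):
    return check_winlogon(reg) + check_run_keys(reg) + check_safeboot(reg, safeboot_baseline)


# Constructed snapshot illustrating the three signatures; not taken from the sample.
SAMPLE_REG = {
    WINLOGON: {
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Alice\AppData\Roaming\svchost.exe,",
        "Shell": "explorer.exe",
    },
    RUN_KEYS[2]: {
        "OneDrive": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background",
        "Updater": r'"C:\Users\Alice\AppData\Local\Temp\update.exe"',
    },
    SAFEBOOT + r"\Minimal\vga.sys": {"": "Driver"},
    SAFEBOOT + r"\Minimal\evilsvc": {"": "Service"},
}
SAFEBOOT_BASELINE = [r"Minimal\vga.sys"]  # constructed; take yours from a clean image

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAFEBOOT_BASELINE):
        print(*finding)
```

Run it against a snapshot exported from the infected host (or the sandbox's registry diff) to confirm which of the flagged locations actually carried the hook; the Winlogon and SafeBoot checks are the ones worth alerting on unconditionally, while Run-key hits in user-writable paths need a quick look at the binary before escalation.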
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 2
Registry Run Keys / Startup Folder (T1547.001): 1
Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Boot or Logon Autostart Execution (T1547): 2
Registry Run Keys / Startup Folder (T1547.001): 1
Winlogon Helper DLL (T1547.004): 1