General
Target: 11e194aa1ca2526cd50b8d423fc56287_JaffaCakes118
Size: 144KB
Sample: 240626-nvqdwswcnp
MD5: 11e194aa1ca2526cd50b8d423fc56287
SHA1: 419c4170caaf0a5477f590219c8cefcd883b0970
SHA256: 5484adfce88f6b952869b2e52242377d81feba366ca4db83e3dd1b5d94f1dccb
SHA512: 983b944e60595d5d1d307198b901f1a077528a3629638ddddc4d8a9965f3766fd67a8eb4ceb9465866eecc5c9e35e20e57e27fce2b7d4c10af063a8089c24551
SSDEEP: 3072:vgh2I2r6EHIABO7Q+Wzk8jwaaHw7Koj4r07zw:6EH7yig
Static task: static1
Behavioral task: behavioral1
Sample: 11e194aa1ca2526cd50b8d423fc56287_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Targets
Target: 11e194aa1ca2526cd50b8d423fc56287_JaffaCakes118
Size: 144KB
MD5: 11e194aa1ca2526cd50b8d423fc56287
SHA1: 419c4170caaf0a5477f590219c8cefcd883b0970
SHA256: 5484adfce88f6b952869b2e52242377d81feba366ca4db83e3dd1b5d94f1dccb
SHA512: 983b944e60595d5d1d307198b901f1a077528a3629638ddddc4d8a9965f3766fd67a8eb4ceb9465866eecc5c9e35e20e57e27fce2b7d4c10af063a8089c24551
SSDEEP: 3072:vgh2I2r6EHIABO7Q+Wzk8jwaaHw7Koj4r07zw:6EH7yig
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)