General
-
Target
122d830e707c4e877d9c8cb5b1212e9e_JaffaCakes118
-
Size
240KB
-
Sample
240626-q1tdvazejk
-
MD5
122d830e707c4e877d9c8cb5b1212e9e
-
SHA1
ae3ccb8292b34c99d71f0cc3f51329cbbcd2d7fc
-
SHA256
7ce8a23f8e562a1c2bbbbff1d19ec03a403d32059501d89c273d0e6f5d7d4116
-
SHA512
79c5fd8d49f05ec9ca8d21d79633ce9ca50f8a8a74acddd80c20448c9ab71743e82b50db07e4a4b1b529e7f9bc7039bf5c94cdcd2cc756b3d6e27519077fa3ab
-
SSDEEP
3072:8RRSuEEFOZuswPjCEHpu35Vk6HSngrrlpjWHg40bfeNXDxkXFIyqQ4ZSA2Z8o:cRSXEFx5Hw3FN7RagXORQ+I
Behavioral task
behavioral1
Sample
122d830e707c4e877d9c8cb5b1212e9e_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
122d830e707c4e877d9c8cb5b1212e9e_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Target
122d830e707c4e877d9c8cb5b1212e9e_JaffaCakes118
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
Malware commonly reads BIOS/SMBIOS strings from the registry (for example the SystemManufacturer and SystemProductName values under HKLM\HARDWARE\DESCRIPTION\System\BIOS) to detect virtual machines and sandboxes, because hypervisor vendor names tend to appear in those fields.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
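The Winlogon modification, Run key and Safe Mode Boot signatures above all leave registry artifacts that can be checked offline from an exported hive. The script below is an added triage example, not part of the sandbox report and not code from the sample: it parses a constructed .reg export (the paths and names in it are hypothetical, not indicators from this sample) and flags Winlogon Userinit/Shell values that deviate from stock defaults, any Run/RunOnce values, and SafeBoot\Minimal or SafeBoot\Network subkeys absent from a reference allowlist. The expected Winlogon defaults and the one-entry SafeBoot allowlist are assumptions and should be populated from a clean image of the same Windows build.

```python
"""Offline triage of registry persistence artifacts from a .reg export.

Added example for the report above; the sample input, paths and names below
are constructed and are NOT indicators from the analysed sample.
"""
import re
from typing import Dict, List, Tuple

# Assumption: stock Windows defaults. Images with a custom shell need adjusting.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_WINLOGON = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
SAFEBOOT_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot\\(Minimal|Network)\\([^\\]+)$",
    re.I,
)
# Assumption: populate from a clean reference image of the same build; vga.sys is
# only a placeholder for a legitimate SafeBoot\Minimal entry.
SAFEBOOT_ALLOWLIST = {"vga.sys"}

# Constructed .reg export with hypothetical malicious paths and names.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EvilSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"
"""

# Matches '"Name"=value' or '@=value' lines of a .reg file.
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a Windows 5.00 .reg export into {key: {value_name: value}}.

    REG_SZ ("...") and default (@) string values are unescaped; other value
    types are kept as their raw text.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(2)
        value = m.group(3)
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # undo .reg backslash escaping
        keys[current][name] = value
    return keys


def find_persistence(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (technique, location, value) for each suspicious registry entry."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in keys.items():
        if key.lower() == WINLOGON_KEY.lower():
            # Winlogon Helper: Userinit/Shell differ from the stock values.
            for name, expected in EXPECTED_WINLOGON.items():
                actual = values.get(name)
                if actual is not None and actual.lower().rstrip(",") != expected.lower().rstrip(","):
                    findings.append(("Winlogon Helper", f"{key}\\{name}", actual))
        elif RUN_KEY_RE.search(key):
            # Run keys: every value is an autostart and is reported for review.
            for name, value in values.items():
                findings.append(("Run key", f"{key}\\{name}", value))
        else:
            # Safe Mode Boot: a subkey under SafeBoot\Minimal|Network keeps a
            # service or driver running in safe mode; report entries not allowlisted.
            m = SAFEBOOT_RE.search(key)
            if m and m.group(3).lower() not in SAFEBOOT_ALLOWLIST:
                findings.append(("SafeBoot entry", key, values.get("(Default)", "")))
    return findings


def triage(reg_text: str = SAMPLE_REG) -> List[Tuple[str, str, str]]:
    return find_persistence(parse_reg(reg_text))


if __name__ == "__main__":
    for technique, location, value in triage():
        print(f"[{technique}] {location} = {value}")
```

On a live host the same checks can be run against an export produced with `reg export HKLM\SOFTWARE ...`; the Userinit comparison strips the trailing comma so a stock value is not reported, while an appended second executable is.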
MITRE ATT&CK Enterprise v15
-
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
-
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)