General
Target: 12865c260a2994bfce70e5dae7503621_JaffaCakes118
Size: 175KB
Sample: 240626-s73bfatgmn
MD5: 12865c260a2994bfce70e5dae7503621
SHA1: 3a4ce0237ae3f0625ef59917c477429c539feff2
SHA256: 85f2f930963106e02b32851ab6e8f5038d371afcb890294a204e6cd353d84d81
SHA512: 4eb4da483725ddb60bf53f842633c560ead66acd6610b3f474663717361e40846464daf6cf3e50be30dfd9ebbbe1d0b97cf6e9e6bca5e6e3cb5345844396389f
SSDEEP: 3072:yy9tGqOxnexUYMg2zk8jwaaHw7Koj4rocwEXi7w9GWg:p9bpUUO8GWg

Static task: static1
Behavioral task: behavioral1
Sample: 12865c260a2994bfce70e5dae7503621_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Targets
Target: 12865c260a2994bfce70e5dae7503621_JaffaCakes118 (175KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
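As an added example, not part of the sandbox report, the following Python triage helper applies the behaviours listed above to registry events taken from a Sysmon log (Event ID 12/13) or a sandbox trace. The event layout (op/path/name/data), the sample events and the rule thresholds are constructed for illustration; the ATT&CK technique IDs are the standard Enterprise ATT&CK ones. The Winlogon rule only fires when the Shell or Userinit value departs from the stock default, so a benign rewrite of the default Userinit string is not reported.

```python
"""Added triage helper: classify registry events against the behaviours the
report lists.  Event layout (op/path/name/data) is an assumption modelled on
Sysmon Event ID 12/13 records; SAMPLE_EVENTS are constructed, not taken from
the sandbox run."""
import re
from typing import Dict, List, Optional, Tuple

# Hive aliases as they appear in Sysmon and in many sandbox logs.
_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU", "HKEY_USERS": "HKU"}
WINLOGON = r"\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON"
RUN_RE = re.compile(r"\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\(RUN|RUNONCE)$")
SAFEBOOT_RE = re.compile(r"\\CONTROL\\SAFEBOOT\\(MINIMAL|NETWORK)\\[^\\]+")
BIOS_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\BIOS$")
GEO_RE = re.compile(r"\\CONTROL PANEL\\INTERNATIONAL\\GEO$")

# Constructed sample trace: one event per behaviour, plus a benign Userinit
# write that a naive "Winlogon key was touched" rule would wrongly flag.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"op": "query", "path": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS",
     "name": "SystemManufacturer", "data": ""},
    {"op": "query", "path": r"HKCU\Control Panel\International\Geo", "name": "Nation", "data": ""},
    {"op": "set", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "name": "Shell", "data": r"explorer.exe,C:\Users\Public\update.exe"},
    {"op": "set", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "name": "Userinit", "data": r"C:\Windows\system32\userinit.exe,"},  # stock default
    {"op": "set", "path": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "Update", "data": r"C:\Users\Public\update.exe"},
    {"op": "create", "path": r"HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\update.exe",
     "name": "", "data": ""},
]


def normalize_path(path: str) -> str:
    """Canonicalise a key path so one rule matches every spelling: long hive
    names -> short, ControlSet00N -> CurrentControlSet, collapse doubled
    backslashes, drop a trailing backslash, uppercase for comparison."""
    p = path.strip().rstrip("\\")
    for long, short in _HIVES.items():
        if p.upper().startswith(long):
            p = short + p[len(long):]
            break
    p = re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", p, flags=re.I)
    p = re.sub(r"\\{2,}", r"\\", p)
    return p.upper()


def _winlogon_tampered(name: str, data: str) -> bool:
    """Shell must be exactly explorer.exe and Userinit exactly one userinit.exe
    entry; anything appended (comma-separated) is an extra autostart."""
    entries = [e.strip().lower() for e in data.split(",") if e.strip()]
    if name.lower() == "shell":
        return entries != ["explorer.exe"]
    if name.lower() == "userinit":
        return len(entries) != 1 or not entries[0].endswith("\\userinit.exe")
    return False


def classify(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per event that matches a report behaviour."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        path = normalize_path(ev["path"])
        name, data, op = ev.get("name", ""), ev.get("data", ""), ev["op"]
        hit: Optional[Tuple[str, str]] = None
        if op == "set" and path.endswith(WINLOGON) and _winlogon_tampered(name, data):
            hit = ("Modifies WinLogon for persistence", "T1547.004")
        elif op == "set" and RUN_RE.search(path):
            hit = ("Adds Run key to start application", "T1547.001")
        elif op in ("set", "create") and SAFEBOOT_RE.search(path):
            hit = ("Impair Defenses: Safe Mode Boot", "T1562.009")
        elif op == "query" and BIOS_RE.search(path):
            hit = ("Checks BIOS information in registry", "T1497.001")
        elif op == "query" and GEO_RE.search(path):
            hit = ("Checks computer location settings", "T1614")
        if hit:
            findings.append({"signature": hit[0], "technique": hit[1],
                             "path": ev["path"], "name": name, "data": data})
    return findings


def attack_summary(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per technique ID, the way the report's ATT&CK table does."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["technique"]] = counts.get(f["technique"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in classify(SAMPLE_EVENTS):
        print(f'{f["technique"]:<10} {f["signature"]:<40} {f["path"]}\\{f["name"]}')
    print(attack_summary(classify(SAMPLE_EVENTS)))
```

Feed real Sysmon or sandbox registry records through `classify` after mapping them onto the op/path/name/data fields; the "Drops startup file", "Executes dropped EXE" and "Loads dropped DLL" behaviours are file and process events and need separate rules.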
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1