General
-
Target
12d4ca5d5585aed5722ca56fedf7d9ae_JaffaCakes118
-
Size
98KB
-
Sample
240626-v8psvavdpc
-
MD5
12d4ca5d5585aed5722ca56fedf7d9ae
-
SHA1
94a272e42bd70405f810004bae94256adfe3fbe9
-
SHA256
ad1adf33b046fb2e8c7e377859ab7600c7192f129a8b77c0e2dc9ff28872dcaa
-
SHA512
9c3270d35b28fbb86ca25371ee21e48bd9e574c46952f3aee4b6701ec070d4dd0f350fa061605745f1a4f438461103ffaf11f41f719a5309e0cbdb4e2e4d90d0
-
SSDEEP
1536:znoNzMiAhLpKp8BNzMEbr4ErO0PNVSYJ9xcizk9D90K1Vy3ucHEvQMb4+4mCzsv8:0iMWpOYBckY6QEu6MFkPmCzse9DAE
Static task
static1
Behavioral task
behavioral1
Sample
12d4ca5d5585aed5722ca56fedf7d9ae_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Targets
-
-
Target
12d4ca5d5585aed5722ca56fedf7d9ae_JaffaCakes118
-
Size
98KB
-
MD5
12d4ca5d5585aed5722ca56fedf7d9ae
-
SHA1
94a272e42bd70405f810004bae94256adfe3fbe9
-
SHA256
ad1adf33b046fb2e8c7e377859ab7600c7192f129a8b77c0e2dc9ff28872dcaa
-
SHA512
9c3270d35b28fbb86ca25371ee21e48bd9e574c46952f3aee4b6701ec070d4dd0f350fa061605745f1a4f438461103ffaf11f41f719a5309e0cbdb4e2e4d90d0
-
SSDEEP
1536:znoNzMiAhLpKp8BNzMEbr4ErO0PNVSYJ9xcizk9D90K1Vy3ucHEvQMb4+4mCzsv8:0iMWpOYBckY6QEu6MFkPmCzse9DAE
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1