General
-
Target
12ccbff8f227d3420285771ce3426f93_JaffaCakes118
-
Size
308KB
-
Sample
240626-vzqc1sxdlr
-
MD5
12ccbff8f227d3420285771ce3426f93
-
SHA1
d7e6084658b13254e9b0de0b9b771f6782c30201
-
SHA256
7e5b7c2b52c360439a8d83a6912881d52c6329691cb2d036b8de31ffa9738554
-
SHA512
9f158f55db937546ad9afcafa6d3e5938de96d31c1876aaf9cc1e1a25ce5d5ac7917e20ad31742021b7bf0f6c7a90899615b2a996c143efb66d8da61b66dd67a
-
SSDEEP
6144:PHK+xM3SRzRY/OD8led69Eoqz/BG5OXCBih6V+SiShnqM9D:49Eo8JxXAc6VPiCnqaD
Static task
static1
Behavioral task
behavioral1
Sample
12ccbff8f227d3420285771ce3426f93_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
12ccbff8f227d3420285771ce3426f93_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
12ccbff8f227d3420285771ce3426f93_JaffaCakes118
-
Size
308KB
-
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-