General
Target: 27968ed57ca198203afd198d616dbbe7_JaffaCakes118
Size: 120KB
Sample: 240706-hfdtna1hjh
MD5: 27968ed57ca198203afd198d616dbbe7
SHA1: 6ad0441cacec9f8f7c8c338c8555e13c025dc016
SHA256: d7f767504d8d4ad92ebca0e905eba3d63f22f41baf122878d2d7d1cdef1e0a13
SHA512: 63a40bf534264d976a353cb26f9d61f92e1f6795154aff8d010c60d706a0c60197274060a7e0c8d904b0ce781429ddf68dcb675a28c67ccaa3c1bf08d805a804
SSDEEP: 1536:sboJWZfsiFHOtfUIhLC1TqSfLgR9xX3EgbjmAusfXpMUP:MWVEmJFX3DfesxN
Static task: static1
Behavioral task: behavioral1
  Sample: 27968ed57ca198203afd198d616dbbe7_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 27968ed57ca198203afd198d616dbbe7_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 27968ed57ca198203afd198d616dbbe7_JaffaCakes118
Score: 10/10
Signatures:
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)