General
Target: 28aef35f8c0d8e47c8941d8e793c9658_JaffaCakes118
Size: 252KB
Sample: 240706-s22gystanr
MD5: 28aef35f8c0d8e47c8941d8e793c9658
SHA1: a873dd06d6b780730f11b324386fc17b275ef6a2
SHA256: c4d5038d27d3ebf19646addd4841f00624bddab48da2f334adbf438b79e2149b
SHA512: 158715cf3c4b4a670ff61422824dab198dc7ad1a990f2486927592e42983ad468ab41a11864678e727b76c0433ea23bce5ce060836b68d98f527d20acca8d9ac
SSDEEP: 3072:5z732vID7NYWvmySFOjWNsii1LPXyCrNG+JkL7jSO2YdD7QQ+6Z/Bodrh0iv00VR:5GvIN94qdisAt3gNbwJoduy/mqgGcSu2
Static task: static1

Behavioral task: behavioral1
Sample: 28aef35f8c0d8e47c8941d8e793c9658_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 28aef35f8c0d8e47c8941d8e793c9658_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 28aef35f8c0d8e47c8941d8e793c9658_JaffaCakes118
Score: 10/10

Modifies firewall policy service

Modifies Windows Firewall

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Persistence
Create or Modify System Process: 2
  Windows Service: 2
Event Triggered Execution: 1
  Netsh Helper DLL: 1

Privilege Escalation
Create or Modify System Process: 2
  Windows Service: 2
Event Triggered Execution: 1
  Netsh Helper DLL: 1

Defense Evasion
Impair Defenses: 2
  Disable or Modify System Firewall: 2
Modify Registry: 2