General
-
Target
4276d6e574f6400e64b3f2a1dae82741_JaffaCakes118
-
Size
10.9MB
-
Sample
240713-tzvgasycjj
-
MD5
4276d6e574f6400e64b3f2a1dae82741
-
SHA1
aa8086e024027c58126f30047092b43651c0da35
-
SHA256
cd49e88abc766e9e6577b1e7d8b0c4b27df164e7067039ae11ff78c2b0166bb2
-
SHA512
859c90ab3290144e7aef08e9fa126943e28a570da620d46365967c15da158e984a99735352d6c2b099d148cdaa7080066f7c51f160e6884f7eecde25235e540f
-
SSDEEP
196608:tXPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP3:t
Static task
static1
Behavioral task
behavioral1
Sample
4276d6e574f6400e64b3f2a1dae82741_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4276d6e574f6400e64b3f2a1dae82741_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
4276d6e574f6400e64b3f2a1dae82741_JaffaCakes118
-
Size
10.9MB
-
MD5
4276d6e574f6400e64b3f2a1dae82741
-
SHA1
aa8086e024027c58126f30047092b43651c0da35
-
SHA256
cd49e88abc766e9e6577b1e7d8b0c4b27df164e7067039ae11ff78c2b0166bb2
-
SHA512
859c90ab3290144e7aef08e9fa126943e28a570da620d46365967c15da158e984a99735352d6c2b099d148cdaa7080066f7c51f160e6884f7eecde25235e540f
-
SSDEEP
196608:tXPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP3:t
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1