General
-
Target
61ae76f78fa760f23cc975838f48ee1b_JaffaCakes118
-
Size
822KB
-
Sample
240721-2hg4ms1ajl
-
MD5
61ae76f78fa760f23cc975838f48ee1b
-
SHA1
3aa1fedb0fd9d16f5dd9f8ca0232bc65c88ae1a3
-
SHA256
798aa292ef9b0cc057cd488a274921f23e1090c5be2f8872070e6d27aa792c85
-
SHA512
26d3f9254f5567d19483b5b0c5635abc03a5b13213110b04af9362b75febac646f5a87304a0c1e1b4ee4f4d80386c8677b2018ad5348cdf0574ee8646d52e91a
-
SSDEEP
24576:u3nbWmJVJFwSddIXvfhqbiaxvRxq93D0QZh9u:IamdZdcBYB
Behavioral task
behavioral1
Sample
61ae76f78fa760f23cc975838f48ee1b_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
61ae76f78fa760f23cc975838f48ee1b_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
61ae76f78fa760f23cc975838f48ee1b_JaffaCakes118
-
Size
822KB
-
MD5
61ae76f78fa760f23cc975838f48ee1b
-
SHA1
3aa1fedb0fd9d16f5dd9f8ca0232bc65c88ae1a3
-
SHA256
798aa292ef9b0cc057cd488a274921f23e1090c5be2f8872070e6d27aa792c85
-
SHA512
26d3f9254f5567d19483b5b0c5635abc03a5b13213110b04af9362b75febac646f5a87304a0c1e1b4ee4f4d80386c8677b2018ad5348cdf0574ee8646d52e91a
-
SSDEEP
24576:u3nbWmJVJFwSddIXvfhqbiaxvRxq93D0QZh9u:IamdZdcBYB
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2