General
Target: 61d867ed9de26551837f905ad54a9f82_JaffaCakes118
Size: 758KB
Sample: 240721-3dmzrsselm
MD5: 61d867ed9de26551837f905ad54a9f82
SHA1: 258061888b632a6c1a78600f64b6b94091b71274
SHA256: db07bec4e41ff57f42b5b690416a8c3eacc4d75570eb75fd3c7f32a800d18ee5
SHA512: 6a9d757afec77c76610b6b6be4f5012ba53f0ff91f911a2602924710f6873ab302558626ad5ba7eb8921e1f5c46d322bd904924d4318d0684a5fd6bcbd0a01bc
SSDEEP: 12288:m3GnbxJJobfq8zKx2p3c9n9X4Lj/Ajiam4KLPzdRnSR5Mmx:m21roDz26c9n9oHDa
Static task: static1
Behavioral task: behavioral1
  Sample: 61d867ed9de26551837f905ad54a9f82_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 61d867ed9de26551837f905ad54a9f82_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 61d867ed9de26551837f905ad54a9f82_JaffaCakes118
Score: 10/10
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)