General
-
Target
65df3c385d174f9e211757b25925be30_JaffaCakes118
-
Size
522KB
-
Sample
240723-dfnawatekc
-
MD5
65df3c385d174f9e211757b25925be30
-
SHA1
9261218e9c7be26305f7b45831d95f152be4e54f
-
SHA256
14a3df7dce7912f61f40a0b29ee4f82d2a9c369cd9f294916ad317a7a3c4b77b
-
SHA512
efe3da4609793472d0bc0d96290130b9fa566c9c94bb20082bd4ed0d058ca6cab81306958f1e50329dee4327311ec04e856c29630814a19f796f73d48e8f5a58
-
SSDEEP
12288:/deqXOJiv3MUFdFWcst1BYrySd88OqFXXaoUjCkf5Vk/I+ZzMg8h:wqXqUjdFM1aryq88OqB4Ckf5VYXFu
Static task
static1
Behavioral task
behavioral1
Sample
65df3c385d174f9e211757b25925be30_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
65df3c385d174f9e211757b25925be30_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
65df3c385d174f9e211757b25925be30_JaffaCakes118
-
Size
522KB
-
MD5
65df3c385d174f9e211757b25925be30
-
SHA1
9261218e9c7be26305f7b45831d95f152be4e54f
-
SHA256
14a3df7dce7912f61f40a0b29ee4f82d2a9c369cd9f294916ad317a7a3c4b77b
-
SHA512
efe3da4609793472d0bc0d96290130b9fa566c9c94bb20082bd4ed0d058ca6cab81306958f1e50329dee4327311ec04e856c29630814a19f796f73d48e8f5a58
-
SSDEEP
12288:/deqXOJiv3MUFdFWcst1BYrySd88OqFXXaoUjCkf5Vk/I+ZzMg8h:wqXqUjdFM1aryq88OqB4Ckf5VYXFu
Score10/10-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-