General
-
Target
7485276e9fec17e3f6c6d18d15c27034_JaffaCakes118
-
Size
660KB
-
Sample
240726-sa6ycsvbrj
-
MD5
7485276e9fec17e3f6c6d18d15c27034
-
SHA1
9b1e89489bfc6e4600d969835231779334237b57
-
SHA256
54f941cb9555f1196ea96f6b438cdb0660635664370c24eed78a521a05ce3045
-
SHA512
7f3311d9ce5823d16c477f5ccdd5b6d232eee2199f8d75a11e6ce83c989b2c7227efd99dd55b152d64463769b853f1d51d7b197765c70c6c2f105649d3f7fdf9
-
SSDEEP
12288:ZaWY/oSbBXXyU1W5fA5vL6xHiYALuo+15EHAjx+SA:ZaWYwSbpXycW5fA5vL1LBEjx+3
Static task
static1
Behavioral task
behavioral1
Sample
7485276e9fec17e3f6c6d18d15c27034_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7485276e9fec17e3f6c6d18d15c27034_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
7485276e9fec17e3f6c6d18d15c27034_JaffaCakes118
-
Size
660KB
-
MD5
7485276e9fec17e3f6c6d18d15c27034
-
SHA1
9b1e89489bfc6e4600d969835231779334237b57
-
SHA256
54f941cb9555f1196ea96f6b438cdb0660635664370c24eed78a521a05ce3045
-
SHA512
7f3311d9ce5823d16c477f5ccdd5b6d232eee2199f8d75a11e6ce83c989b2c7227efd99dd55b152d64463769b853f1d51d7b197765c70c6c2f105649d3f7fdf9
-
SSDEEP
12288:ZaWY/oSbBXXyU1W5fA5vL6xHiYALuo+15EHAjx+SA:ZaWYwSbpXycW5fA5vL1LBEjx+3
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
3