General
- Target: 74a2d72c8206a7253aa687be60c2bfa3_JaffaCakes118
- Size: 104KB
- Sample: 240726-sx2bdszdmb
- MD5: 74a2d72c8206a7253aa687be60c2bfa3
- SHA1: 7ece7724c845efbeed2aa78d552a6c541157dec6
- SHA256: 7ac6eb0c613041d60059c68dc2810fd601b46de05b5d0de18d4f6d198f3b5667
- SHA512: 31827a604123ed9208e3e20b2b8fc0326c4d49683cb27d96d8d0d74032b81f899dfeb5e1f77b91c51e304a9645073bbf4b5b02f86ce97b3cffd9a702b50ea3f5
- SSDEEP: 3072:OHE483pNzMPw/tAAw5jwaaHw7Koj4rT3:aF8ZNoPGAJ0

Static task: static1
Behavioral task: behavioral1
- Sample: 74a2d72c8206a7253aa687be60c2bfa3_JaffaCakes118.exe
- Resource: win7-20240705-en
Malware Config
Targets
- Target: 74a2d72c8206a7253aa687be60c2bfa3_JaffaCakes118 (104KB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (the number after each technique is the count of matching signatures)

Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 2
    Disable or Modify Tools: 1
    Safe Mode Boot: 1
  Modify Registry: 4
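The three registry-write behaviours in this report (Winlogon modification, Run key creation, SafeBoot entry) are the ones an endpoint detection can catch directly. The following is an added example, not part of the sandbox report or of the sample's analysis: it maps Sysmon Event ID 13 (RegistryEvent: value set) style records to those signatures and to the ATT&CK techniques named above. The event records, image paths and value names are constructed for the example; the Sysmon field names (TargetObject, Details, Image) and the ATT&CK IDs are assumptions of this example, not data from the report.

```python
"""Added example: flag registry writes matching the persistence and
defense-evasion behaviours listed in the sandbox report.

Input records imitate Sysmon Event ID 13 (value set). They are constructed
for this example; nothing here is taken from the analysed sample.
"""
import re
from dataclasses import dataclass

VALUE_SET = 13  # Sysmon RegistryEvent: value set


@dataclass(frozen=True)
class Rule:
    name: str        # signature name as it appears in the report
    technique: str   # ATT&CK technique (ID assumed from the technique name)
    pattern: "re.Pattern[str]"


RULES = [
    Rule("Modifies WinLogon for persistence",
         "T1547.004 Winlogon Helper DLL",
         re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$|"
                    r"\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\", re.I)),
    Rule("Adds Run key to start application",
         "T1547.001 Registry Run Keys / Startup Folder",
         re.compile(r"\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
    Rule("Impair Defenses: Safe Mode Boot",
         "T1562.009 Safe Mode Boot",
         re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)),
]

# Default Winlogon values. A write that merely restores these (installers
# and the OS itself do this) is not persistence, so it is suppressed.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,",
                 r"c:\windows\system32\userinit.exe"},
}


def is_winlogon_default(target: str, details: str) -> bool:
    """True if the Winlogon value being set is the stock OS value."""
    value_name = target.rsplit("\\", 1)[-1].lower()
    return details.strip().lower() in WINLOGON_DEFAULTS.get(value_name, set())


def match_events(events):
    """Return one hit per (event, rule) pair for value-set events."""
    hits = []
    for ev in events:
        if ev.get("EventID") != VALUE_SET:
            continue  # key creates/deletes and renames are out of scope here
        target, details = ev["TargetObject"], ev.get("Details", "")
        for rule in RULES:
            if not rule.pattern.search(target):
                continue
            if rule.technique.startswith("T1547.004") and is_winlogon_default(target, details):
                continue
            hits.append({"signature": rule.name, "technique": rule.technique,
                         "image": ev["Image"], "target": target, "details": details})
    return hits


# Constructed telemetry: three malicious writes, one benign Winlogon write,
# one key-create event that the rules must ignore.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\svchost.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\update.exe"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r"C:\Users\victim\AppData\Roaming\update.exe"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\update.exe",
     "Details": "Service"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe"},
    {"EventID": 12, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
]

if __name__ == "__main__":
    for h in match_events(SAMPLE_EVENTS):
        print(f'{h["technique"]:45} {h["image"]} -> {h["target"]}')
```

Two of the report's other signatures, "Checks BIOS information in registry" and "Checks computer location settings", are registry reads rather than writes; Sysmon does not log reads, so they are only visible in a sandbox or with API-level monitoring and are deliberately not covered by these rules. The Bypass User Account Control and Disable or Modify Tools rows of the ATT&CK mapping are likewise outside what this value-set logic can see.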