General
-
Target
76f4f709a5404fa5990635b4d823ac38_JaffaCakes118
-
Size
342KB
-
Sample
240727-egdcqsyeld
-
MD5
76f4f709a5404fa5990635b4d823ac38
-
SHA1
12b78b2455a0fa04f13658a2b1d23304a7f19a43
-
SHA256
e08e6780ab0ddc15fe29497d01931eef3d16bc304982a34e923267810396a9ce
-
SHA512
23068375bf12e8269cf522299a2d777bf965ef5444d8bb0d92961cf2c8a862dd327dce28b89b3bcb4833d58f8262d2beb2e597c9c0232822dffc67b8be99ff00
-
SSDEEP
6144:WRqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4ykpGAen:mqmpplpGoGL3etQoMiXM8gxf/Sj4ykod
Behavioral task
behavioral1
Sample
76f4f709a5404fa5990635b4d823ac38_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
76f4f709a5404fa5990635b4d823ac38_JaffaCakes118.exe
Resource
win10v2004-20240729-en
Malware Config
Targets
-
-
Target
76f4f709a5404fa5990635b4d823ac38_JaffaCakes118
-
Size
342KB
-
MD5
76f4f709a5404fa5990635b4d823ac38
-
SHA1
12b78b2455a0fa04f13658a2b1d23304a7f19a43
-
SHA256
e08e6780ab0ddc15fe29497d01931eef3d16bc304982a34e923267810396a9ce
-
SHA512
23068375bf12e8269cf522299a2d777bf965ef5444d8bb0d92961cf2c8a862dd327dce28b89b3bcb4833d58f8262d2beb2e597c9c0232822dffc67b8be99ff00
-
SSDEEP
6144:WRqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4ykpGAen:mqmpplpGoGL3etQoMiXM8gxf/Sj4ykod
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2