General
Target: 7d17a134fc4e8ac725230866fe17fe3d_JaffaCakes118
Size: 1.8MB
Sample: 240731-tq1xqaxbne
MD5: 7d17a134fc4e8ac725230866fe17fe3d
SHA1: bc66b4142be0d528dfab255f83bbfd40b45cef4d
SHA256: 4a944953f27dbdfddb04b6eab50b981e7fcb8449b808d67f28cb519225a08787
SHA512: 4fd3dedd62a01f60a3819fb2b3961a645a47aaeb907e8a0a0441a234844285b984649db2a1d9c75a3c6bc9af970259474b00ed66e39dc1e18252a7b70cacfc3b
SSDEEP: 49152:pMrvKuOAkxDKy981+InEmxPwvGVmDSBOWn0EhG:pMrvPwxDKy981+KEmN/Vmsqr
Behavioral task: behavioral1
Sample: 7d17a134fc4e8ac725230866fe17fe3d_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Targets
Target: 7d17a134fc4e8ac725230866fe17fe3d_JaffaCakes118
- Ardamax main executable
- Modifies Windows Firewall
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
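The registry-driven behaviours in the list above (Wine key check, Uninstall key enumeration, Run key persistence, Netsh helper DLL registration, firewall policy change) can all be matched from a registry API trace. The block below is an added example of that matching logic, written for this page; it is not the sandbox's own signature code and does not use the sample's real trace. The trace lines are constructed in a simplified "image|API|key" form, the process paths and value names in them are invented, and the key paths are the standard Windows and Wine locations (HKCU\Software\Wine, ...\CurrentVersion\Uninstall, ...\CurrentVersion\Run, HKLM\SOFTWARE\Microsoft\NetSh, ...\SharedAccess\Parameters\FirewallPolicy). The ATT&CK IDs on the rules are my mapping; T1518 (Software Discovery) is not one the report itself lists.

```python
import re
from collections import defaultdict

# Constructed registry API trace, one event per line as "image|api|key".
# Process paths, SIDs and value names are illustrative, not from the report.
SAMPLE_TRACE = [
    r"C:\Users\user\sample.exe|RegOpenKeyExW|HKCU\Software\Wine",
    r"C:\Users\user\sample.exe|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"C:\Users\user\sample.exe|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"C:\Users\user\sample.exe|RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"C:\Windows\System32\dropped.exe|RegSetValueExW|HKLM\SOFTWARE\Microsoft\NetSh\helper",
    r"C:\Windows\System32\dropped.exe|RegSetValueExW|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
    r"C:\Program Files\Benign\app.exe|RegSetValueExW|HKCU\Software\Benign\LastRun",
    # A single Uninstall lookup is normal for shell components; it must not trip the verdict alone.
    r"C:\Windows\explorer.exe|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    "this line is malformed and is skipped",
]

# (behaviour label, ATT&CK id, registry APIs that count, key-path pattern)
RULES = [
    ("wine_registry_check", "T1497",
     {"RegOpenKeyExW", "RegQueryValueExW", "RegCreateKeyExW"},
     re.compile(r"\\Software\\Wine(\\|$)", re.I)),
    ("installed_software_enum", "T1518",
     {"RegOpenKeyExW", "RegEnumKeyExW"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("run_key_persistence", "T1547.001",
     {"RegSetValueExW"},
     re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)),
    ("netsh_helper_dll", "T1546.007",
     {"RegSetValueExW"},
     re.compile(r"\\Microsoft\\NetSh(\\|$)", re.I)),
    ("firewall_policy_change", "T1562.004",
     {"RegSetValueExW"},
     re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
]


def parse_line(line):
    """Split an 'image|api|key' trace line; return None for malformed input."""
    parts = line.split("|", 2)
    if len(parts) != 3 or not all(p.strip() for p in parts):
        return None
    image, api, key = (p.strip() for p in parts)
    return {"image": image, "api": api, "key": key}


def match_rules(event):
    """Return every (label, attack_id) rule satisfied by one parsed event."""
    return [(label, tid) for label, tid, apis, pattern in RULES
            if event["api"] in apis and pattern.search(event["key"])]


def triage(lines, min_behaviours=2):
    """Collect distinct behaviours per process and flag those that combine
    at least `min_behaviours` of them. A lone lookup (e.g. explorer.exe
    reading Uninstall) is weak evidence; evasion plus persistence is not."""
    per_image = defaultdict(set)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        per_image[event["image"]].update(match_rules(event))
    return {img: sorted(hits) for img, hits in per_image.items()
            if len(hits) >= min_behaviours}


if __name__ == "__main__":
    for image, hits in triage(SAMPLE_TRACE).items():
        print(image)
        for label, tid in hits:
            print(f"  {tid:<10} {label}")
```

Raising or lowering `min_behaviours` is the tuning knob: at 1 every process that touches the Uninstall key would be reported, at 2 only processes that pair discovery or evasion with a persistence or defence-impairment write are surfaced, which is the combination the report's signature list shows for this sample.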
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Event Triggered Execution (1): Netsh Helper DLL, T1546.007 (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Event Triggered Execution (1): Netsh Helper DLL, T1546.007 (1)
Defense Evasion
- Hide Artifacts (2): Hidden Files and Directories, T1564.001 (2)
- Impair Defenses (2): Disable or Modify System Firewall, T1562.004 (1); Disable or Modify Tools, T1562.001 (1)
- Modify Registry, T1112 (3)
- Virtualization/Sandbox Evasion, T1497 (1)