General

Target: a7850b3873bb5e9d60d120f66a1c353e_JaffaCakes118
Size: 12.5MB
Sample: 240818-vrf5daxgkk
MD5: a7850b3873bb5e9d60d120f66a1c353e
SHA1: ea556df8bdc7fba78f57b554e84e55fbae06cb5d
SHA256: ebb879ab42cbdae6fe0c807684c73e6b7fbab715c6f85c934926824ded07297f
SHA512: fa4aa8c5f0053356d60f7f89c777ef311fee0e878fc227326d39d93e78a6faccd36e43f5043427b21f7c40dcbcc762af96f82ff5e9d662ecfb83f6d0de6a4aae
SSDEEP: 196608:cLad4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq6:cL
Static task: static1

Behavioral task: behavioral1
  Sample: a7850b3873bb5e9d60d120f66a1c353e_JaffaCakes118.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: a7850b3873bb5e9d60d120f66a1c353e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted: tofsee
  defeatwax.ru
  refabyd.info
Targets

Target: a7850b3873bb5e9d60d120f66a1c353e_JaffaCakes118
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Defense Evasion
  Impair Defenses (2)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (1)
  Modify Registry (2)