General
-
Target
ac2e6c3ab45d7ec9e42f1a234fe70917_JaffaCakes118
-
Size
676KB
-
Sample
240819-xl8zbavall
-
MD5
ac2e6c3ab45d7ec9e42f1a234fe70917
-
SHA1
ac5ea6e5716df8d77622a7e1e6a716672fdf2542
-
SHA256
1c6c929bda49b3a6438019697ab62fed6657997af5faaa351cd1ad8197ac88ba
-
SHA512
98366dfe672555855354f37c87a441f6a396874743b3902b743c49fe9eaa0e424daac232c188992938c0cc770f3380f70b3e47f336cbfe1fd2106cc5ca45d185
-
SSDEEP
12288:u94Vcog9PElU7QpmQWBteo44a05rOTWXOGhJuq1YjvFXbhkBHRc3aVDLUVi:XNlJcFRMq2jv8BHBgo
Static task
static1
Behavioral task
behavioral1
Sample
ac2e6c3ab45d7ec9e42f1a234fe70917_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
ac2e6c3ab45d7ec9e42f1a234fe70917_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
ac2e6c3ab45d7ec9e42f1a234fe70917_JaffaCakes118
-
Score
10/10
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1