General
Target: b2ba7a7adc362fc1c1f7d992c13a91d3_JaffaCakes118
Size: 260KB
Sample: 240821-j4855syape
MD5: b2ba7a7adc362fc1c1f7d992c13a91d3
SHA1: c70ff7db484617f077d7ac681eafa710c886f815
SHA256: 14dbfb6f00dbbb6fda37a0b49ba0bf2fc754bbff35ea8cd64ab0f8a9cbba8466
SHA512: b29a79de29da79d7ea5987d8f10f9e94a69f8dca501005c8530b808451e6d08d5b7e79e22bef5a3b4af8f3eaf84b756e4295250d3da1d990a9441588d76d1c3b
SSDEEP: 3072:6xOGBuh5x99hAg8HatV91Ak0jhg9668atfx1R+SDz8mGRNcLfN/lj4OXB2rSiWVT:pAvHask0lf6RD8NS7iWV8Eo
Static task: static1
Behavioral task: behavioral1
Sample: b2ba7a7adc362fc1c1f7d992c13a91d3_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Targets
- Modifies firewall policy service
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (5)