General
-
Target
bf7b61b7d5984c357907a111480602e8_JaffaCakes118
-
Size
80KB
-
Sample
240824-1nfmbstbmr
-
MD5
bf7b61b7d5984c357907a111480602e8
-
SHA1
95d79d6f7da79b6487fb19431134ccb09fc027b8
-
SHA256
520a97331c488c176432b18191957390c3e4961af04fa14d8e39482764bade1c
-
SHA512
cce9cd58fcb907618f0289ceb4a63bf9ca8df5bb53a6fa559db68c31f8c05e786b5c862218fc49dc68b2a18d7ecf7d81d9c781a3876455f42420ae21e4443b14
-
SSDEEP
768:qIgxZk/RCEH4QJcWfL3n8z3vpPzXreencxkgbsb3JnPY4f54jKV+JVbZU:QRQJciIDvpLr/nkcr4GVubZU
Static task
static1
Behavioral task
behavioral1
Sample
bf7b61b7d5984c357907a111480602e8_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
bf7b61b7d5984c357907a111480602e8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
bf7b61b7d5984c357907a111480602e8_JaffaCakes118 (80KB; MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Enumerates processes with tasklist
-
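The signatures above are behaviours a sandbox infers from process activity: net.exe adding an account to the Administrators group, a Run key written for persistence, tasklist.exe for process discovery, and cmd.exe deleting files afterwards. The following is an added example of how an analyst would turn those same observations into process-creation detection rules; it is not code from the report or the sandbox, the ATT&CK IDs are supplied here from ATT&CK Enterprise for the technique names the matrix lists, and every event (paths, user name, the "sample.exe" dropper) is constructed for illustration rather than taken from this sample's run.

```python
"""Process-creation triage rules for the behaviours listed in the report.

The events below are constructed Sysmon-style (Event ID 1) records; nothing
here is taken from the sandbox run of the sample. Technique IDs are the
ATT&CK Enterprise IDs for the technique names the report's matrix uses.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    image: str          # full path of the created process
    command_line: str   # its command line as logged
    parent_image: str   # full path of the parent process


def _base(path: str) -> str:
    """Case-folded file name of a Windows path."""
    return ntpath.basename(path).lower()


def _admin_group_add(e: ProcEvent) -> bool:
    # net.exe hands "localgroup" off to net1.exe, so match both binaries,
    # otherwise a rule keyed on net.exe alone misses the worker process.
    cl = e.command_line.lower()
    return (_base(e.image) in {"net.exe", "net1.exe"}
            and "localgroup" in cl and "administrator" in cl and "/add" in cl)


def _run_key_persistence(e: ProcEvent) -> bool:
    return (_base(e.image) == "reg.exe"
            and re.search(r"\badd\b", e.command_line, re.I) is not None
            and re.search(r"\\currentversion\\run(once)?\b", e.command_line, re.I) is not None)


def _process_discovery(e: ProcEvent) -> bool:
    return _base(e.image) == "tasklist.exe"


def _file_deletion(e: ProcEvent) -> bool:
    return (_base(e.image) == "cmd.exe"
            and re.search(r"\b(del|erase)\b", e.command_line, re.I) is not None)


def _self_deletion(e: ProcEvent) -> bool:
    # A dropper removing its own on-disk image through a spawned cmd.exe:
    # the deleted file name equals the parent's image name.
    return _file_deletion(e) and _base(e.parent_image) in e.command_line.lower()


RULES = [
    ("T1098 Account Manipulation: net.exe adds account to Administrators", _admin_group_add),
    ("T1547.001 Registry Run Keys: reg.exe writes a Run value", _run_key_persistence),
    ("T1057 Process Discovery: tasklist.exe executed", _process_discovery),
    ("T1070.004 Indicator Removal: file deleted via cmd.exe", _file_deletion),
    ("T1070.004 self-deletion: parent's own image deleted", _self_deletion),
]


def match_rules(e: ProcEvent) -> list[str]:
    """Labels of every rule the event satisfies (empty for benign events)."""
    return [label for label, pred in RULES if pred(e)]


def triage(events: list[ProcEvent]) -> dict[str, list[str]]:
    """Map each fired rule to the command lines that triggered it."""
    hits: dict[str, list[str]] = {}
    for e in events:
        for label in match_rules(e):
            hits.setdefault(label, []).append(e.command_line)
    return hits


# Constructed sample log, including one benign event that must not fire.
DROPPER = r"C:\Users\user\Desktop\sample.exe"   # hypothetical dropper path
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\net.exe",
              'net localgroup administrators user /add', DROPPER),
    ProcEvent(r"C:\Windows\System32\net1.exe",
              r'C:\Windows\system32\net1 localgroup administrators user /add',
              r"C:\Windows\System32\net.exe"),
    ProcEvent(r"C:\Windows\System32\reg.exe",
              r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run '
              r'/v Updater /t REG_SZ /d "C:\Users\Public\svc.exe" /f', DROPPER),
    ProcEvent(r"C:\Windows\System32\tasklist.exe", "tasklist", DROPPER),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              f'cmd.exe /c del "{DROPPER}"', DROPPER),
    ProcEvent(r"C:\Windows\System32\notepad.exe", "notepad.exe",
              r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for label, cmds in triage(SAMPLE_EVENTS).items():
        print(label)
        for c in cmds:
            print("   ", c)
```

The rules key on the image name plus command-line tokens rather than on exact strings, so a dropper that switches the account name or uses `net1` directly still fires; the self-deletion check is the one that separates a dropper cleaning up after itself from an ordinary `del` in a user script.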
MITRE ATT&CK Enterprise v15
Tactic                Technique                                      Count
Persistence           Account Manipulation                           1
Persistence           Boot or Logon Autostart Execution              1
Persistence             Registry Run Keys / Startup Folder           1
Privilege Escalation  Account Manipulation                           1
Privilege Escalation  Boot or Logon Autostart Execution              1
Privilege Escalation    Registry Run Keys / Startup Folder           1
Discovery             Network Service Discovery                      1
Discovery             Network Share Discovery                        1
Discovery             Peripheral Device Discovery                    1
Discovery             Permission Groups Discovery                    1
Discovery               Local Groups                                 1
Discovery             Process Discovery                              1
Discovery             Query Registry                                 1
Discovery             Remote System Discovery                        2
Discovery             System Information Discovery                   3
Discovery             System Location Discovery                      1
Discovery               System Language Discovery                    1
Discovery             System Network Configuration Discovery         1
Discovery               Internet Connection Discovery                1
Discovery             System Network Connections Discovery           1
(Indented rows are sub-techniques of the technique above them; Count is the number of matching signatures.)