General
Target: c06b11b66aae9cc4d859eed6f5f8f898_JaffaCakes118
Size: 216KB
Sample: 240825-k8cheaybjn
MD5: c06b11b66aae9cc4d859eed6f5f8f898
SHA1: fd6484fe45eadfb78e7ac955e683d3743353576e
SHA256: d97bb2720fbce5139d964b68660e285494cd8428e7afac25a906d7b6ecfaae59
SHA512: 100ed0aa86f7924f8a602568693ab1c8bfe771029ea6564166c62ab9613516cd067e4de81798aa705c223170217b73c7b30574376381322e9620561836d0547e
SSDEEP: 3072:8n+16291vtHRK12Fx7sD0TdmrY8OpPGjTd9Yg5Zt4wnry9p1zwQ:8891lHtz7sDJE9OjZ9Yg5swnmD1z
Static task: static1
Behavioral task: behavioral1
Sample: c06b11b66aae9cc4d859eed6f5f8f898_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: c06b11b66aae9cc4d859eed6f5f8f898_JaffaCakes118
-
Modifies visibility of file extensions in Explorer
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Hide Artifacts: 3
    Hidden Files and Directories: 3
  Impair Defenses: 1
    Disable or Modify Tools: 1
  Modify Registry: 3