General
Target: c907a029d2fe69a4ae8d5496819168e5_JaffaCakes118
Size: 57KB
Sample: 240829-r3125syfpr
MD5: c907a029d2fe69a4ae8d5496819168e5
SHA1: 5644e172035478d6ed80db311d5216c8443a1de3
SHA256: 1ba4223a6260280c51d83f7791175ac76302128301a146003fc87c70ceacf184
SHA512: b92f627398f52a2775f4f0c2018658307c2cf890570b7a80303dc0387ab51b90458cbde45c7b6c899b936fdbfa50d72a230092959aa8516f33d00ebf7581757f
SSDEEP: 768:eiMjpO09kyj3KQ8gvIjCGPWchf28iqv05XUs/5V2GI9noaN95EhblIqBGK:eJpb9ZzKQpw+dus/Lf+z5Ehbl34K
Behavioral task: behavioral1
  Sample: c907a029d2fe69a4ae8d5496819168e5_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c907a029d2fe69a4ae8d5496819168e5_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: c907a029d2fe69a4ae8d5496819168e5_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (3)