General
- Target: d34057aa229cdea2ed624ffffaba443f_JaffaCakes118
- Size: 388KB
- Sample: 240908-b2ppqaxcrm
- MD5: d34057aa229cdea2ed624ffffaba443f
- SHA1: 864b7345d9932cbec3e9cff860d1d968fade8ab3
- SHA256: c05b20391b2a000fa21895dfd9308f599c2ba7e1341dcc689f3280a36b50f3d9
- SHA512: c139af2aa537b4839a5700c0aeaa8eed8953ec4e1605d5318c25c11bc256b4310b1a9ac4e1bb358fe69a8eb325994bcfb8007d944688a76fc4ff9fcc54d4cd3f
- SSDEEP: 6144:WF0jTaOznFjm4YKdebVxBqGebpcu+kDfK11eHLVmCbjnF4F25qTG5fbJ:93RFfYqebVjqGQwkDSurZbjnF4F2im1
Static task: static1
Behavioral task: behavioral1
- Sample: d34057aa229cdea2ed624ffffaba443f_JaffaCakes118.exe
- Resource: win7-20240903-en

Malware Config
Extracted
- Family: latentbot
- C2: gniewkowiec0359.zapto.org
Targets
- Target: d34057aa229cdea2ed624ffffaba443f_JaffaCakes118
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (the API used to redirect a suspended thread's entry point, as in process hollowing and similar injection)
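The signatures above name three host-side persistence and defense-evasion mechanisms (Run and policy Run keys, Active Setup, and the firewall policy under the SharedAccess service) plus a dropped executable and a C2 domain. The script below is an added host-triage example, not part of the sandbox output and not the sandbox vendor's tooling: it walks the documented Windows registry locations for each mechanism, flags autostart commands that do not resolve under the Windows or Program Files trees, reports the firewall profile state, and checks the DNS cache, hosts file and a few user-writable directories for the extracted C2 domain and SHA256. The SHA256 and domain are the values from this report; `$ScanRoots` is an assumption about where a dropped copy would plausibly be placed. Run it in an elevated PowerShell 5.1 or later on a suspected host.

```powershell
# Added triage example for the indicators listed in this report (not sandbox/vendor code).
# Registry paths are the documented Windows locations for the named persistence mechanisms.
# Assumptions: $ScanRoots (likely drop locations); PowerShell 5.1+ (Get-FileHash, StartType).

$SampleSha256 = 'c05b20391b2a000fa21895dfd9308f599c2ba7e1341dcc689f3280a36b50f3d9'  # from the report
$C2Domain     = 'gniewkowiec0359.zapto.org'                                          # from the report
$ScanRoots    = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData)     # assumed drop locations

# A command line is treated as trusted only if it sits under the Windows or Program Files trees.
function Test-UntrustedCommand([string]$Command) {
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($t in $trusted) { if ($Command -like "*$t*") { return $false } }
    return $true
}

# Enumerate value-name/data pairs under a key, skipping the PS* metadata Get-ItemProperty adds.
function Get-KeyValues([string]$Key) {
    if (-not (Test-Path $Key)) { return }
    (Get-ItemProperty -Path $Key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $Key; Name = $_.Name; Data = $_.Value } }
}

# T1547.001: Run/RunOnce keys plus the Policies\Explorer\Run variant
# ("Adds policy Run key to start application" in the signature list).
$runKeys = foreach ($hive in 'HKLM', 'HKCU') {
    "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
}
$findings = @()
$findings += $runKeys | ForEach-Object { Get-KeyValues $_ } |
    Where-Object { Test-UntrustedCommand ([string]$_.Data) }

# T1547.014: Active Setup. A StubPath under Installed Components runs at the next interactive
# logon of every user whose HKCU copy of that component ID is missing.
$activeSetupRoots = @('HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components')
$findings += $activeSetupRoots | Where-Object { Test-Path $_ } |
    ForEach-Object { Get-ChildItem -Path $_ } | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub -and (Test-UntrustedCommand ([string]$stub))) {
            [pscustomobject]@{ Key = $_.PSPath; Name = 'StubPath'; Data = $stub }
        }
    }

# T1562.004 / T1543.003: firewall policy lives under the SharedAccess service's Parameters key
# ("Modifies firewall policy service"). EnableFirewall=0 or an unexpected authorized app is the tell.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$firewall = foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $p    = Get-ItemProperty -Path "$fwBase\$profile" -ErrorAction SilentlyContinue
    $apps = Get-KeyValues "$fwBase\$profile\AuthorizedApplications\List" |
        Where-Object { Test-UntrustedCommand ([string]$_.Name) }
    [pscustomobject]@{
        Profile                 = $profile
        EnableFirewall          = $p.EnableFirewall
        UntrustedAuthorizedApps = @($apps | ForEach-Object { $_.Name })
    }
}
# MpsSvc is the Windows Firewall service on Windows 7 and later; SharedAccess hosts the policy key.
$services = Get-Service -Name MpsSvc, SharedAccess -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# Network IOC: Windows 7 has no Get-DnsClientCache, so parse ipconfig output; also check the hosts file.
$pattern   = [regex]::Escape($C2Domain)
$dnsHits   = @(& ipconfig /displaydns 2>$null | Select-String -Pattern $pattern)
$hostsHits = @(Select-String -Path "$env:SystemRoot\System32\drivers\etc\hosts" -Pattern $pattern -ErrorAction SilentlyContinue)

# File IOC: look for a dropped copy of the sample by SHA256 ("Executes dropped EXE").
$dropped = Get-ChildItem -Path $ScanRoots -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
    Where-Object { (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash -eq $SampleSha256 } |
    Select-Object -ExpandProperty FullName

"--- Untrusted autostart entries (Run keys, policy Run keys, Active Setup) ---"
$findings | Format-Table Key, Name, Data -AutoSize -Wrap
"--- Firewall policy per profile and firewall service state ---"
$firewall | Format-Table -AutoSize
$services | Format-Table -AutoSize
"--- C2 domain $C2Domain : DNS cache hits=$($dnsHits.Count), hosts-file hits=$($hostsHits.Count) ---"
"--- Files under scan roots matching the sample SHA256 ---"
$dropped
```

The "untrusted path" filter is deliberately crude: legitimate software does install autostart entries outside Program Files, so treat the output as a review list, not a verdict. An Active Setup StubPath or a Policies\Explorer\Run value pointing into a user-writable directory is the pattern worth pulling for hash comparison against the sample above.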
MITRE ATT&CK Enterprise v15 (count = matching signatures)
Persistence
- Boot or Logon Autostart Execution (T1547): 3
  - Active Setup (T1547.014): 1
  - Registry Run Keys / Startup Folder (T1547.001): 2
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 3
  - Active Setup (T1547.014): 1
  - Registry Run Keys / Startup Folder (T1547.001): 2
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Impair Defenses (T1562): 1
  - Disable or Modify System Firewall (T1562.004): 1
- Modify Registry (T1112): 5