General
-
Target
d3c440a4f2297b6e4c5f15a0b7d01d96_JaffaCakes118
-
Size
5.8MB
-
Sample
240908-hf3g1stgjc
-
MD5
d3c440a4f2297b6e4c5f15a0b7d01d96
-
SHA1
fd48537f253075c5f2594d6af1a655b3f8aec4fc
-
SHA256
0bb91d6c01005c5bfc2e208344ee3b47af9e31ed99d39eabedbf8f94e3c681cf
-
SHA512
49817004370354702bb061b86d57d763ae5329af1307ddf001619ddd8968acd6c89df94dd66ed8736721499699c62510fa3c9cb4482907ac688c5f091645dc0b
-
SSDEEP
98304:ErQhptmk8uy26GAVcInJF/05ZzJRJwqA61gyDUs2/R12vUuaKaL5amjIBOG/i4YS:88tm/5HyIJJUJYqA6ipsL4LUmEYGxkMl
Malware Config
Targets
-
-
Target
d3c440a4f2297b6e4c5f15a0b7d01d96_JaffaCakes118
-
Size
5.8MB
-
MD5
d3c440a4f2297b6e4c5f15a0b7d01d96
-
SHA1
fd48537f253075c5f2594d6af1a655b3f8aec4fc
-
SHA256
0bb91d6c01005c5bfc2e208344ee3b47af9e31ed99d39eabedbf8f94e3c681cf
-
SHA512
49817004370354702bb061b86d57d763ae5329af1307ddf001619ddd8968acd6c89df94dd66ed8736721499699c62510fa3c9cb4482907ac688c5f091645dc0b
-
SSDEEP
98304:ErQhptmk8uy26GAVcInJF/05ZzJRJwqA61gyDUs2/R12vUuaKaL5amjIBOG/i4YS:88tm/5HyIJJUJYqA6ipsL4LUmEYGxkMl
Score10/10-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Access Token Manipulation
1Create Process with Token
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Access Token Manipulation
1Create Process with Token
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4