General

Target: d5e7dd2fdc10eef78d76c41e985bf97c_JaffaCakes118
Size: 68KB
Sample: 240909-jrm25syakl
MD5: d5e7dd2fdc10eef78d76c41e985bf97c
SHA1: 7f8543b54a35c65d28a2f0525239f03b3806f092
SHA256: 4aa852574ad707c3bd6bcddda14e7e3ee493eaeaeb50b3732398214464f7e4b1
SHA512: 4d4f8e191e98f30b5258d91fd0f5b98fc56daea846811a8e445bfa5e9d98a26363a9d89f28e9a0a5d6defa1715964510bde63827125d8dae50ff06fd465119c9
SSDEEP: 768:KXzCcEX7m2PX2uC3P1UtKzlJsEqDlEVBRDKwsB9nMZnANQ1N/4U7rYxamg46MVpo:KDCK2PX2uCUtT9DlkBRDPsBcs0WpgX6O
Static task: static1

Behavioral task: behavioral1
Sample: d5e7dd2fdc10eef78d76c41e985bf97c_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d5e7dd2fdc10eef78d76c41e985bf97c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets

Target: d5e7dd2fdc10eef78d76c41e985bf97c_JaffaCakes118
Size: 68KB
Score: 10/10

- Expiro payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)