General
Target: d672b3a0263bddfa358dd126702b5bf9_JaffaCakes118
Size: 145KB
Sample: 240909-q66ala1fmp
MD5: d672b3a0263bddfa358dd126702b5bf9
SHA1: 8eb2e79eb7dd7370ddb4a3c46fe85c39cf5f8937
SHA256: 055c6ad96af409328ebe9a4e8ff7189e3a986508d32a2950223d6a1bc4afe98b
SHA512: 82b1b9d54a9383b6e829d51e278f765d9489a426d98095cff821e2e9a57bb54079aed4aec830be87aa6f18f35aee41737967b389c0b08cce84ed2c71d14fe0cb
SSDEEP: 3072:knN5HYBvjr5SM/yv7VDVKMOQg5H1i8fZ5Ys+iyXFm+GqVphIw:kNC5P5SwQDVKM0H1i8fZ5YxXFm+T
Static task: static1
Behavioral task: behavioral1
  Sample: d672b3a0263bddfa358dd126702b5bf9_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: d672b3a0263bddfa358dd126702b5bf9_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: d672b3a0263bddfa358dd126702b5bf9_JaffaCakes118
Score: 7/10
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
- Drops file in System32 directory