General
-
Target
d9e60f1a0fad5f5d7a9dd35153b48f7b_JaffaCakes118
-
Size
33KB
-
Sample
240911-jky6tszgpf
-
MD5
d9e60f1a0fad5f5d7a9dd35153b48f7b
-
SHA1
aa7cf6bf95cbc367dac8e3af8f37b4f5ac73f1d0
-
SHA256
2b0ccbb844690d4572a3a0bde468a8ffb250008a8d18031e53d9b21a0112fdcf
-
SHA512
8acbc8ce38fbe19e139159f21c551b09c63cdb4b4505e35fc0f25fc5f961827c60ab86abd2e2156d74ef5b3738c4baaf26300c448e3e3d450a170b9f9dc5085e
-
SSDEEP
768:gb3EhwiDVnjNL2K1IfnrzMkg8vUF17HcA00tmSVX:gb3ESqLh1IzzMkggy17HcutmAX
Behavioral task
behavioral1
Sample
d9e60f1a0fad5f5d7a9dd35153b48f7b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d9e60f1a0fad5f5d7a9dd35153b48f7b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
d9e60f1a0fad5f5d7a9dd35153b48f7b_JaffaCakes118
-
Size
33KB
-
MD5
d9e60f1a0fad5f5d7a9dd35153b48f7b
-
SHA1
aa7cf6bf95cbc367dac8e3af8f37b4f5ac73f1d0
-
SHA256
2b0ccbb844690d4572a3a0bde468a8ffb250008a8d18031e53d9b21a0112fdcf
-
SHA512
8acbc8ce38fbe19e139159f21c551b09c63cdb4b4505e35fc0f25fc5f961827c60ab86abd2e2156d74ef5b3738c4baaf26300c448e3e3d450a170b9f9dc5085e
-
SSDEEP
768:gb3EhwiDVnjNL2K1IfnrzMkg8vUF17HcA00tmSVX:gb3ESqLh1IzzMkggy17HcutmAX
Score8/10-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1