General
- Target: dc6b98b9707c0922ab6a53b3efdd5dac_JaffaCakes118
- Size: 199KB
- Sample: 240912-rtb2nayfkl
- MD5: dc6b98b9707c0922ab6a53b3efdd5dac
- SHA1: a72e76fbd5dfa53b3d27ed9d9e6d194a085d7d0e
- SHA256: f55d6bd5f13356eda64fae070a5eee1a080f06a0aa69bdd7e137496d88346be3
- SHA512: 04b730c73876fc89eb465ebc069ad1e1bdbfbf5d1654a4bb49457d87ec290dd1832a571dea47adabea0d3f3c0461f8ce70d10fe2e4a82cbb698fed254c5d269b
- SSDEEP: 3072:hegn0/CPJCVJx55PUw9B/kRdOm+OiSTW+EJ2Fm5KEUxR4:heT6PJKJTkrOm+jl+E/Q8
Static task
- static1

Behavioral task
- behavioral1
- Sample: dc6b98b9707c0922ab6a53b3efdd5dac_JaffaCakes118.exe
- Resource: win7-20240903-en

Behavioral task
- behavioral2
- Sample: dc6b98b9707c0922ab6a53b3efdd5dac_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: dc6b98b9707c0922ab6a53b3efdd5dac_JaffaCakes118
- Size: 199KB
Signatures
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Remote Service Session Hijacking: RDP Hijacking: adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Password Policy Discovery: attempt to access detailed information about the password policy used within an enterprise network.
- Hide Artifacts: Hidden Users
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Account Manipulation (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)

Discovery
- Query Registry (1)
- System Information Discovery (2)
- Password Policy Discovery (1)
- Permission Groups Discovery (1)
- Local Groups (1)
- System Location Discovery (1)
- System Language Discovery (1)
- System Network Configuration Discovery (1)
- Internet Connection Discovery (1)
- Remote System Discovery (1)