General
-
Target
e436146aba83ffa9447986735a5e8ea3_JaffaCakes118
-
Size
303KB
-
Sample
240916-hf657stcrc
-
MD5
e436146aba83ffa9447986735a5e8ea3
-
SHA1
eeb939e6b4c98f14ec92bd2e7e922c8de3f620d7
-
SHA256
d3301b05904cc250f8f843e8631515bb9ddbf8c5836ca179c35694b21d2ba2af
-
SHA512
a718c22a0d74542a0840f9eae2ca5b9744fb011a6549fec866e931da7c61edd9718bec14649668f775afd18507ebf9e7a25b02ef21debd41432b1f553c2a911a
-
SSDEEP
6144:dmYRAYwCNVQHCY7G5qEueq7USzuV6DRaLk0EP4ceErU1cmy9:vmvCNECYi5fu97YgDRaLDEP4cfUTy9
Behavioral task
behavioral1
Sample
e436146aba83ffa9447986735a5e8ea3_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e436146aba83ffa9447986735a5e8ea3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
e436146aba83ffa9447986735a5e8ea3_JaffaCakes118
Score 10/10
-
Modifies visibility of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
-
Privilege Escalation
Event Triggered Execution (1)
Image File Execution Options Injection (1)
-
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (1)