General
Target: ea81e7b33ee9ace5b45a611fb6c2a93d_JaffaCakes118
Size: 124KB
Sample: 240919-d3yecsygln
MD5: ea81e7b33ee9ace5b45a611fb6c2a93d
SHA1: 0f1e4d9505761e52a9c50e2f77d7d5d1bb5e0db6
SHA256: 2c628a9437c3a4d9fbf70343493707676573644b40fac8faa39c7f9cadf40b00
SHA512: 80ec87c5a8b5474df1077689d8ffe01274b0c980affab900d63871f9a0c4000548d380ca50d9ffad93c4751393ff7c7f60609590135105edcca1d525a5c580ba
SSDEEP: 1536:iSi+1N33RGm//kOSpvzUJEC9frrIEQgBs4QH6uMS98RrRqZ:m+1roAJXfnsgBsrl98Lg
Static task: static1
Behavioral task: behavioral1
  Sample: ea81e7b33ee9ace5b45a611fb6c2a93d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ea81e7b33ee9ace5b45a611fb6c2a93d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ea81e7b33ee9ace5b45a611fb6c2a93d_JaffaCakes118
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (2)
  - Disable or Modify Tools (2)
- Modify Registry (7)