General
-
Target
eacca13439ba115857f1806497a74b58_JaffaCakes118
-
Size
32KB
-
Sample
240919-hpnp8awemp
-
MD5
eacca13439ba115857f1806497a74b58
-
SHA1
3fbc27b9816468fd366117efab97e5df6e7379f4
-
SHA256
6de4dcf3356456bbe879e8ddc6b4650f44e951e956b5663c2659373a85060f55
-
SHA512
1a788d6587c1078278becd4320972ed4a018c3c005f14476ba65bd0110083646cb6e8cad255205920cfef481f1779a4e74262acd6cdb3c48d4d482057dda45d3
-
SSDEEP
384:tvJ3P3KSDneneAXpEXdnkZZ03G8C8LdISm8FqXcfLc5IxmyOCTO8zTasZ/zZbQ4M:th2eXn6Zx8+Sml6l6WL1vJTu7
Malware Config
Targets
-
-
Target
eacca13439ba115857f1806497a74b58_JaffaCakes118
-
Size
32KB
-
MD5
eacca13439ba115857f1806497a74b58
-
SHA1
3fbc27b9816468fd366117efab97e5df6e7379f4
-
SHA256
6de4dcf3356456bbe879e8ddc6b4650f44e951e956b5663c2659373a85060f55
-
SHA512
1a788d6587c1078278becd4320972ed4a018c3c005f14476ba65bd0110083646cb6e8cad255205920cfef481f1779a4e74262acd6cdb3c48d4d482057dda45d3
-
SSDEEP
384:tvJ3P3KSDneneAXpEXdnkZZ03G8C8LdISm8FqXcfLc5IxmyOCTO8zTasZ/zZbQ4M:th2eXn6Zx8+Sml6l6WL1vJTu7
Score10/10-
UAC bypass
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
3