General
-
Target
ee63a3b1daeb1feda8d2f9dbe7d85465_JaffaCakes118
-
Size
508KB
-
Sample
240920-zhhn3axcmm
-
MD5
ee63a3b1daeb1feda8d2f9dbe7d85465
-
SHA1
cebf6071ca26ef937b1ee3a99fddf0e7f687c3da
-
SHA256
49c1288cccadf9cf68e10959ce801d57b575c326ad0b247a28cdc7de2887f972
-
SHA512
59ef6e5a4b9f8374d6741cc5f38ca44126f3ddd7cffc291b077c5659080bdf54cb1b1627aa225eddb3ac2ad362f3b0d884a70921cbbb3419dfd49f381f8f4b73
-
SSDEEP
12288:EYmReXDdp/3TqpB0eO1l/W9CPH5WzYZk2gCHcidvt:EYgMz7Wcu9CPBZkRC8O
Static task
static1
Behavioral task
behavioral1
Sample
ee63a3b1daeb1feda8d2f9dbe7d85465_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ee63a3b1daeb1feda8d2f9dbe7d85465_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
ee63a3b1daeb1feda8d2f9dbe7d85465_JaffaCakes118
-
Size
508KB
-
MD5
ee63a3b1daeb1feda8d2f9dbe7d85465
-
SHA1
cebf6071ca26ef937b1ee3a99fddf0e7f687c3da
-
SHA256
49c1288cccadf9cf68e10959ce801d57b575c326ad0b247a28cdc7de2887f972
-
SHA512
59ef6e5a4b9f8374d6741cc5f38ca44126f3ddd7cffc291b077c5659080bdf54cb1b1627aa225eddb3ac2ad362f3b0d884a70921cbbb3419dfd49f381f8f4b73
-
SSDEEP
12288:EYmReXDdp/3TqpB0eO1l/W9CPH5WzYZk2gCHcidvt:EYgMz7Wcu9CPBZkRC8O
Score10/10-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1