General
-
Target
eecb14b3a5a9f705a4fa18d049985baa_JaffaCakes118
-
Size
132KB
-
Sample
240921-bl4tpsyarh
-
MD5
eecb14b3a5a9f705a4fa18d049985baa
-
SHA1
1ba1279018bc4766a9bd8780f7b287e3e69706f4
-
SHA256
5c81d03d811402c8ebfeec3478834018c53a3cd41ad477f7e04793d885eeabe2
-
SHA512
679b0409eebe71a064c6fc800efaeb38dacc8d8c739b9f9be4e9f591282b1cb6a72d9bde10ea8ed4767af2e4bc1d65ce9d6724bac7b41b6d4692b78df483e7b6
-
SSDEEP
3072:w3k/VPrdVfWM8RM/8KmwBErXXFefQmD8ampjIipt:f/RX8/KmwBEjXFeos8aCUiz
Static task
static1
Behavioral task
behavioral1
Sample
eecb14b3a5a9f705a4fa18d049985baa_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eecb14b3a5a9f705a4fa18d049985baa_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
eecb14b3a5a9f705a4fa18d049985baa_JaffaCakes118
-
Size
132KB
-
MD5
eecb14b3a5a9f705a4fa18d049985baa
-
SHA1
1ba1279018bc4766a9bd8780f7b287e3e69706f4
-
SHA256
5c81d03d811402c8ebfeec3478834018c53a3cd41ad477f7e04793d885eeabe2
-
SHA512
679b0409eebe71a064c6fc800efaeb38dacc8d8c739b9f9be4e9f591282b1cb6a72d9bde10ea8ed4767af2e4bc1d65ce9d6724bac7b41b6d4692b78df483e7b6
-
SSDEEP
3072:w3k/VPrdVfWM8RM/8KmwBErXXFefQmD8ampjIipt:f/RX8/KmwBEjXFeos8aCUiz
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2