General
-
Target
f70ddc97b207adabe689119ffdb417fb_JaffaCakes118
-
Size
606KB
-
Sample
240925-3awgqswgjg
-
MD5
f70ddc97b207adabe689119ffdb417fb
-
SHA1
ab4eb75749181630430d5b8ef89561c960b2845b
-
SHA256
80c67c07d6633052260435fa5e44b50d4f72c6cc174c5fdbcc75c88e01506788
-
SHA512
8d56f94912ec9a839737c3cf43c50d4b9baa434c7b8d4812a2390c19473fd6be0d3ce234f7d7de8b1152e93678647200ca91c27a3c472926da8b5212db0bdf1b
-
SSDEEP
12288:1GP7WUtpdOy2R+9zR2yXuhcW3PtPgRWkFouZRLBKf1zg2/nBL:1GXtPB9NhXuWYtPrkFLBcU8BL
Static task
static1
Behavioral task
behavioral1
Sample
f70ddc97b207adabe689119ffdb417fb_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f70ddc97b207adabe689119ffdb417fb_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
f70ddc97b207adabe689119ffdb417fb_JaffaCakes118
-
Size
606KB
-
MD5
f70ddc97b207adabe689119ffdb417fb
-
SHA1
ab4eb75749181630430d5b8ef89561c960b2845b
-
SHA256
80c67c07d6633052260435fa5e44b50d4f72c6cc174c5fdbcc75c88e01506788
-
SHA512
8d56f94912ec9a839737c3cf43c50d4b9baa434c7b8d4812a2390c19473fd6be0d3ce234f7d7de8b1152e93678647200ca91c27a3c472926da8b5212db0bdf1b
-
SSDEEP
12288:1GP7WUtpdOy2R+9zR2yXuhcW3PtPgRWkFouZRLBKf1zg2/nBL:1GXtPB9NhXuWYtPrkFLBcU8BL
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1