General
-
Target
fad016aa0d9cbb6ef0b77f5e5da882a7_JaffaCakes118
-
Size
4.5MB
-
Sample
240927-ylpfcawfrr
-
MD5
fad016aa0d9cbb6ef0b77f5e5da882a7
-
SHA1
418db225e6b73bcfbfee39d40c3a53f02dd63d34
-
SHA256
ce01ee4fb92d1ac77b7838ab603d13d701b747c1077ff892d29451afcfc9af73
-
SHA512
05821257ea8095177c98197a677d4ade28d8a9553bf0261f2b81d74bcea0e9a874be0e9980d50bc75f0f587cef02816d3c7075f954bf183f151ae918b3c3f651
-
SSDEEP
49152:bAerQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f8b:VrQZVrQZVrQZVrQZVrQZVrQZr
Static task
static1
Behavioral task
behavioral1
Sample
fad016aa0d9cbb6ef0b77f5e5da882a7_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
fad016aa0d9cbb6ef0b77f5e5da882a7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
fad016aa0d9cbb6ef0b77f5e5da882a7_JaffaCakes118
-
Size
4.5MB
-
MD5
fad016aa0d9cbb6ef0b77f5e5da882a7
-
SHA1
418db225e6b73bcfbfee39d40c3a53f02dd63d34
-
SHA256
ce01ee4fb92d1ac77b7838ab603d13d701b747c1077ff892d29451afcfc9af73
-
SHA512
05821257ea8095177c98197a677d4ade28d8a9553bf0261f2b81d74bcea0e9a874be0e9980d50bc75f0f587cef02816d3c7075f954bf183f151ae918b3c3f651
-
SSDEEP
49152:bAerQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f88erQZbd2f8b:VrQZVrQZVrQZVrQZVrQZVrQZr
-
Modifies visibility of file extensions in Explorer
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Indicator Removal
1File Deletion
1Modify Registry
1