General
-
Target
0e926afc3cee817171a9bb124a6a48a0_JaffaCakes118
-
Size
152KB
-
Sample
241003-h9fkca1gjp
-
MD5
0e926afc3cee817171a9bb124a6a48a0
-
SHA1
5670856b07f8a3b17bd9e6f5e48cb83d36443488
-
SHA256
98021db747d970ffd4c34fbdb7cd8079cabfe780bae4b9ba2a1a40c653c8b417
-
SHA512
58cd555529ca079409723c4d985ebffae5f998711cb88746ce2d313811f9faa1331121053bfe9b822d57ad4125f789b4363f7df78ecfe2043fcc9466f7ec4ffb
-
SSDEEP
3072:dn2PxxtKjiJSfzIkOb4ZNeUxFPAI8JsFYyOG/102+klCQE:9DjiJ3k5ZNeUfPATJsV02n8x
Static task
static1
Behavioral task
behavioral1
Sample
0e926afc3cee817171a9bb124a6a48a0_JaffaCakes118.dll
Resource
win7-20240708-en
Malware Config
Targets
-
-
Target
0e926afc3cee817171a9bb124a6a48a0_JaffaCakes118
-
Size
152KB
-
MD5
0e926afc3cee817171a9bb124a6a48a0
-
SHA1
5670856b07f8a3b17bd9e6f5e48cb83d36443488
-
SHA256
98021db747d970ffd4c34fbdb7cd8079cabfe780bae4b9ba2a1a40c653c8b417
-
SHA512
58cd555529ca079409723c4d985ebffae5f998711cb88746ce2d313811f9faa1331121053bfe9b822d57ad4125f789b4363f7df78ecfe2043fcc9466f7ec4ffb
-
SSDEEP
3072:dn2PxxtKjiJSfzIkOb4ZNeUxFPAI8JsFYyOG/102+klCQE:9DjiJ3k5ZNeUfPATJsV02n8x
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
9