General
-
Target
0ed4fa61826690a547b459b18c134bce_JaffaCakes118
-
Size
1.2MB
-
Sample
241003-kpa58syakg
-
MD5
0ed4fa61826690a547b459b18c134bce
-
SHA1
160574ec5e17f4f1e5c67ab7c953213d19761ac7
-
SHA256
a01e6589fa2efd835287898910c7edb6be6519707933686f230329f5b20babad
-
SHA512
478e59eb18233032fba75fcdea86feac1962885333907a813877bfecaac8cb074e8d4961da4431b4f8995b5147c7e202332ede2c9ec90109d42bb3201f1ff42f
-
SSDEEP
12288:mKUdJNAnBFlAt32d2Gj7hs1d8UtkdT1MdwYt+ezSI:1U/yfOmUG8d8Ut8wkeeI
Static task
static1
Behavioral task
behavioral1
Sample
0ed4fa61826690a547b459b18c134bce_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
0ed4fa61826690a547b459b18c134bce_JaffaCakes118
-
Size
1.2MB
-
MD5
0ed4fa61826690a547b459b18c134bce
-
SHA1
160574ec5e17f4f1e5c67ab7c953213d19761ac7
-
SHA256
a01e6589fa2efd835287898910c7edb6be6519707933686f230329f5b20babad
-
SHA512
478e59eb18233032fba75fcdea86feac1962885333907a813877bfecaac8cb074e8d4961da4431b4f8995b5147c7e202332ede2c9ec90109d42bb3201f1ff42f
-
SSDEEP
12288:mKUdJNAnBFlAt32d2Gj7hs1d8UtkdT1MdwYt+ezSI:1U/yfOmUG8d8Ut8wkeeI
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
4