General
Target: 0f5c5f387363e8ea2da8a416265495f8_JaffaCakes118
Size: 992KB
Sample: 241003-ssx36swarb
MD5: 0f5c5f387363e8ea2da8a416265495f8
SHA1: 210be10e8149a1b206a2e0f9bd530420f4fc5114
SHA256: c0d95efec5a7554273d6f3e98ad3b7bf6573374034849757894408206e80ad0f
SHA512: 0f253c881b7b67578c648704806587ae1e2a3d71bdb43907d68bef3233521c1819cdb79aaafae9b749e7ef7b6afa898afe6b95a866100bdb379c2b1bb537314b
SSDEEP: 24576:AatFGOH8KzJauobwEK10bVWyBc8TznlwWhLE32GRIVRXnRmqeJthax8:LvGOH8K1fosEHbVI8TznGWJ8I7BmqeJ3
Static task: static1
Behavioral task: behavioral1
Sample: 0f5c5f387363e8ea2da8a416265495f8_JaffaCakes118.dll
Resource (analysis VM image): win7-20240903-en
Malware Config
(none listed)

Targets
Target: 0f5c5f387363e8ea2da8a416265495f8_JaffaCakes118 (992KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Modifies WinLogon for persistence (Winlogon Helper DLL, T1547.004; this signature typically fires on changes to the Shell, Userinit or Notify values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (Registry Run Keys, T1547.001)
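The two registry persistence signatures above (Winlogon modification and Run key addition) are cheap to check on a suspect host or a forensic registry export. The following Python is an added example, not code from the Triage report or from the sample: it parses the text written by `reg export` for the relevant keys and flags Winlogon Shell/Userinit values that differ from the stock defaults, any Winlogon\Notify helper package, and Run/RunOnce entries outside the Windows and Program Files trees. The .reg text is constructed for the example, the file names winupd.exe and winupd.dll are invented, and the "benign path" heuristic is an assumption to tune per environment, not a rule.

```python
"""Audit a `reg export` text dump of Windows autostart locations for the
persistence patterns this report flags: Winlogon Shell/Userinit tampering,
Winlogon Notify helper DLLs (T1547.004) and Run/RunOnce entries (T1547.001).
Added example; the sample export below is constructed, not from the sandbox."""
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock values; Userinit legitimately carries a trailing comma, which _norm strips.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
NOTIFY_RE = re.compile(r"\\Winlogon\\Notify\\[^\\]+$", re.IGNORECASE)
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')

# Constructed sample: one tampered Shell value, one Notify helper DLL, one
# benign HKLM Run entry and one user-writable HKCU Run entry (names invented).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\winupd.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winupd]
"DLLName"="C:\\Users\\Public\\winupd.dll"
"Logon"="WLEventLogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"winupd"="C:\\Users\\Public\\winupd.exe"
"""


def _unescape(s):
    # Undo .reg string escaping: a backslash escapes the following character.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Parse the .reg subset written by `reg export`: key headers, REG_SZ
    values ("name"="data" or @="data") and dword values; other types stay raw."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line) if current else None
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            keys[current][name] = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            keys[current][name] = int(data[6:], 16)
        else:
            keys[current][name] = data
    return keys


def _norm(value):
    return value.strip().rstrip(",").strip().lower()


def _looks_benign(path):
    """Rough heuristic (an assumption, not a rule): autostarts under the
    Windows or Program Files trees are treated as expected."""
    p = path.lower()
    return any(tok in p for tok in ("%windir%", "\\windows\\", "program files"))


def audit_autostart(keys):
    """Return (technique, key, value_name, data) for each suspicious autostart."""
    findings = []
    for key, values in keys.items():
        if key.lower() == WINLOGON_KEY.lower():
            for name, default in WINLOGON_DEFAULTS.items():
                data = values.get(name)
                if isinstance(data, str) and _norm(data) != _norm(default):
                    findings.append(("T1547.004 Winlogon Helper DLL", key, name, data))
        elif NOTIFY_RE.search(key):
            # Modern Windows does not use Notify packages, so any entry merits a look.
            dll = values.get("DLLName")
            if dll:
                findings.append(("T1547.004 Winlogon Helper DLL", key, "DLLName", dll))
        elif RUN_KEY_RE.search(key):
            for name, data in values.items():
                if isinstance(data, str) and not _looks_benign(data):
                    findings.append(("T1547.001 Registry Run Keys / Startup Folder", key, name, data))
    return findings


if __name__ == "__main__":
    for technique, key, name, data in audit_autostart(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"{technique}: {key} -> {name} = {data}")
```

On a live host the input would come from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` and the equivalent for the Run keys under HKLM and HKCU; the geofence check in the report (a read of the configured country code) is a runtime behaviour and leaves no registry change to audit this way.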
MITRE ATT&CK Enterprise v15 (bracketed number is the count shown by the report for each technique)
Persistence
  Boot or Logon Autostart Execution, T1547 [2]
    Registry Run Keys / Startup Folder, T1547.001 [1]
    Winlogon Helper DLL, T1547.004 [1]
Privilege Escalation
  Abuse Elevation Control Mechanism, T1548 [1]
    Bypass User Account Control, T1548.002 [1]
  Boot or Logon Autostart Execution, T1547 [2]
    Registry Run Keys / Startup Folder, T1547.001 [1]
    Winlogon Helper DLL, T1547.004 [1]
Defense Evasion
  Abuse Elevation Control Mechanism, T1548 [1]
    Bypass User Account Control, T1548.002 [1]
  Impair Defenses, T1562 [1]
    Disable or Modify Tools, T1562.001 [1]
  Modify Registry, T1112 [5]