General
-
Target
0fdcece65289dc442a99b875eeb9c498_JaffaCakes118
-
Size
180KB
-
Sample
241003-v3nzcs1dla
-
MD5
0fdcece65289dc442a99b875eeb9c498
-
SHA1
49ae8323ccb9fbd92fce5c09e058b86087e51c8c
-
SHA256
e7db1e2ba7dcc5c0e8ceb11c888ec361f0595418d82b792dcdd5844c7d13759f
-
SHA512
07607f318551990737194914510bab366973a16ed685a7fda93fb2a482efc13bf22bb2e6187578a6bb7f30f45a0551ee38468316f0e7dd538a1e19dcdb62fee9
-
SSDEEP
3072:1P2PxxtVYTRMClk3oq2L9vNTDQm/iAeQZZer:NyiRq4xZvNTOAhZZo
Static task
static1
Behavioral task
behavioral1
Sample
0fdcece65289dc442a99b875eeb9c498_JaffaCakes118.dll
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
0fdcece65289dc442a99b875eeb9c498_JaffaCakes118
-
Size
180KB
-
MD5
0fdcece65289dc442a99b875eeb9c498
-
SHA1
49ae8323ccb9fbd92fce5c09e058b86087e51c8c
-
SHA256
e7db1e2ba7dcc5c0e8ceb11c888ec361f0595418d82b792dcdd5844c7d13759f
-
SHA512
07607f318551990737194914510bab366973a16ed685a7fda93fb2a482efc13bf22bb2e6187578a6bb7f30f45a0551ee38468316f0e7dd538a1e19dcdb62fee9
-
SSDEEP
3072:1P2PxxtVYTRMClk3oq2L9vNTDQm/iAeQZZer:NyiRq4xZvNTOAhZZo
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
9