General
- Target: 14b60716458fcee0f43c6db584e4202a_JaffaCakes118
- Size: 176KB
- Sample: 241004-yjtx2sxekc
- MD5: 14b60716458fcee0f43c6db584e4202a
- SHA1: 0cedf726f85ba9799738eb1936c40653d28222e7
- SHA256: 922a1b767a8a594488dfb8d95bb0b20b3f53f974db6eba62e2de0ff6457c5dbb
- SHA512: 5606c361f16f08e00b0eff9b45ad0c04e66ac4b2bd502cefbb8e8e5df7c4099162342408df956b29ef486bd72675538532cb7b6d84f47818b1c8907db1686511
- SSDEEP: 3072:blu6S6RTGfwy7kFaDh05bRw8tAg7Jai5yxryX22G74Ql5D34DMI:M6SS6P0/wwAglryx+VjQl5DK
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 14b60716458fcee0f43c6db584e4202a_JaffaCakes118.exe
  - Resource: win7-20240903-en
Malware Config
Targets
- Target: 14b60716458fcee0f43c6db584e4202a_JaffaCakes118
- Size: 176KB
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (1)
    - Disable or Modify Tools (1)
  - Modify Registry (5)