General
-
Target
14c0cff3e616eb795e8e443002e42fd0_JaffaCakes118
-
Size
530KB
-
Sample
241004-ythyjayarg
-
MD5
14c0cff3e616eb795e8e443002e42fd0
-
SHA1
0ad7df41c5a32b04433a953aadf19d6d0d4085f2
-
SHA256
bf472825b49cbb52133dd84cbf19d5e4ffe339ed68246e5e0aca9b0ee1432764
-
SHA512
66434d50cc1e480fd84560272c0a622b558046204bca5fdb75c21fc7e51b2dfdf99b69924882d9aea3e221e617c394572aaab277314fb859d137f57055747b63
-
SSDEEP
6144:4F3AMFULBW9HMQLuxnTIYmZ9AXc/cnl1LD62E6oNrv7ykFhCIH2ULSUra8yGSy6D:4kLBW9sQixnTqsca22kNr2ULlSy6sC
Static task
static1
Behavioral task
behavioral1
Sample
14c0cff3e616eb795e8e443002e42fd0_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
Targets
Target
14c0cff3e616eb795e8e443002e42fd0_JaffaCakes118
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 4
    Disable or Modify System Firewall: 1
    Disable or Modify Tools: 3
  Modify Registry: 5