General
Target: 4fac4131c44725fd2d6fd878f263da8f_JaffaCakes118
Size: 811KB
Sample: 241016-3rperazeja
MD5: 4fac4131c44725fd2d6fd878f263da8f
SHA1: 873c44330bf1d4fa3060ee61a58ed0710e4268b2
SHA256: 74195824550845d108c969f66c2fa991c229003467dbf64df4abeb7332d7cd2c
SHA512: d29bb1c5d3e6d5bbd8cb6090be218f82e11b6dc1cba17a751ba0670aef35a76b9bbd9b01c25e8e2d1eb6b57271b52bcc7efaf92396822a9badc759d25a766145
SSDEEP: 12288:7bFm/Bb3/0sX0FPZrOrBfesX+MuXo5zFbguzGuIScikf:NCPXyhroBfesX+uzLGu
Static task: static1
Behavioral task: behavioral1
  Sample: 4fac4131c44725fd2d6fd878f263da8f_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 4fac4131c44725fd2d6fd878f263da8f_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 8/10

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Adds Run key to start application

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)