General
-
Target
4aeeb1d8f23828e5c2cd587abc052a81_JaffaCakes118
-
Size
850KB
-
Sample
241016-cezrva1fll
-
MD5
4aeeb1d8f23828e5c2cd587abc052a81
-
SHA1
23c3ef082ac782bdb3c6d210ff08fe90ad20560a
-
SHA256
2522cbd68d9cdc8e8979353e708aba9b2e7fe6a5c06e97419d6c8806ea78b654
-
SHA512
47f733577a694c81c57197abe1123e91a981cc96cb76f481a77434b4bd7a2054ba2f69630237cbeef3a1a8be7f5e007a6775f2d4b41966049c74895d7b23c0e8
-
SSDEEP
24576:8osOsHIV5ctEcQVDC3sPrLcEf6Z+c3fT7:8oL5ctEcuV/J43
Static task
static1
Behavioral task
behavioral1
Sample
4aeeb1d8f23828e5c2cd587abc052a81_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4aeeb1d8f23828e5c2cd587abc052a81_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4aeeb1d8f23828e5c2cd587abc052a81_JaffaCakes118
-
Size
850KB
-
MD5
4aeeb1d8f23828e5c2cd587abc052a81
-
SHA1
23c3ef082ac782bdb3c6d210ff08fe90ad20560a
-
SHA256
2522cbd68d9cdc8e8979353e708aba9b2e7fe6a5c06e97419d6c8806ea78b654
-
SHA512
47f733577a694c81c57197abe1123e91a981cc96cb76f481a77434b4bd7a2054ba2f69630237cbeef3a1a8be7f5e007a6775f2d4b41966049c74895d7b23c0e8
-
SSDEEP
24576:8osOsHIV5ctEcQVDC3sPrLcEf6Z+c3fT7:8oL5ctEcuV/J43
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1