General
-
Target
4b55573076f0b1e6287a1067d471bea9_JaffaCakes118
-
Size
272KB
-
Sample
241016-eptppasalf
-
MD5
4b55573076f0b1e6287a1067d471bea9
-
SHA1
3f603d6b8cd9a685794f8c052d0c8ffee54e5c19
-
SHA256
e299df6b42c78a677d6badf54a009e46a0f544e677ba30210449bac1190aa13d
-
SHA512
8e3d975145e36be3e8e0316d4330806c56c3b7dc90bb259417dee70556e1d0ea95c6e57e3050c3b619e3c4481df84bc4a2096a8dbc74091824536d44ff651ef0
-
SSDEEP
6144:qovD4aUeckJjPEvyVEowgHzUeKNbTeoQQQR:XDwWjMvC9wguyoQQQR
Static task
static1
Behavioral task
behavioral1
Sample
4b55573076f0b1e6287a1067d471bea9_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4b55573076f0b1e6287a1067d471bea9_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4b55573076f0b1e6287a1067d471bea9_JaffaCakes118
-
Size
272KB
-
MD5
4b55573076f0b1e6287a1067d471bea9
-
SHA1
3f603d6b8cd9a685794f8c052d0c8ffee54e5c19
-
SHA256
e299df6b42c78a677d6badf54a009e46a0f544e677ba30210449bac1190aa13d
-
SHA512
8e3d975145e36be3e8e0316d4330806c56c3b7dc90bb259417dee70556e1d0ea95c6e57e3050c3b619e3c4481df84bc4a2096a8dbc74091824536d44ff651ef0
-
SSDEEP
6144:qovD4aUeckJjPEvyVEowgHzUeKNbTeoQQQR:XDwWjMvC9wguyoQQQR
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1