General
Target: 793d1a880ee14d2bfabb4914942ff571_JaffaCakes118
Size: 98KB
Sample: 241028-mvndvsvmej
MD5: 793d1a880ee14d2bfabb4914942ff571
SHA1: 88f0d0afb53cfc13dc1ee20690f93e3e80a09f22
SHA256: d3706e839c0735fa7cff245af18e54649e53aabccfbb01488a32ca0e235e879a
SHA512: 98d1edf4edf8674cbac805efa36c44268ec818026775527a2f9ac9d59f489d6f959d97d38c1812a3808e828406b707fe1f5f8f6ff26d045975a5b19a3c947be0
SSDEEP: 3072:gHeUZ7gngBpEsgE7974XO7haaHw7Koj4rt:7UZAgB6E79H7

Static task: static1
Behavioral task: behavioral1
Sample: 793d1a880ee14d2bfabb4914942ff571_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config

Targets
Target: 793d1a880ee14d2bfabb4914942ff571_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Ramnit family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (2)
    Windows Service (2)

Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (9)