General
- Target: 79dc38de4928d68d822eed4edf0fe8f4_JaffaCakes118
- Size: 308KB
- Sample: 241028-qryxza1aln
- MD5: 79dc38de4928d68d822eed4edf0fe8f4
- SHA1: 37d12135e4ea053524e822a601da8a995407d516
- SHA256: ebd07804f8890f0a70110a6a8eb86198624562c914c27b10b0124d94f25d1568
- SHA512: 40c5c185df367ff341a51d2ff4753384ccdfabfe76f8c105b69cc65ee4145c9ba1cb2b280d2c5cca89a1b7867bf159263eb6c44a5e038a91cd73f4041ed72cc1
- SSDEEP: 6144:pNmIIxxw/ZmdfE6FUaSLIXGj6tjJVGy4kjF0g7FnW:KPlFLlt4kJ0D
Static task: static1
Behavioral task: behavioral1
Sample: 79dc38de4928d68d822eed4edf0fe8f4_JaffaCakes118.dll
Resource: win7-20240903-en
Malware Config
Targets
- Target: 79dc38de4928d68d822eed4edf0fe8f4_JaffaCakes118 (308KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Ramnit family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (9)