General
Target: 8098d4516d67647307db6212942bde3d_JaffaCakes118
Size: 1.7MB
Sample: 241030-3gbqxavmhm
MD5: 8098d4516d67647307db6212942bde3d
SHA1: 4a6391977a46f801e514ea3655ec9bfa8c6fbb57
SHA256: 31392f94b459c4aded4bc954823b1b0bb15528739cb7ad817544150ac16163a1
SHA512: 87ef08f88dfff8d167c91b118d81d9111d0bc7459541e30bddf276d47fed27a90014f8d66254c0f8d10f2222388134cf801fdb968b93578f7a233c8e71db14c7
SSDEEP: 49152:Sps/dEu92rc7FK0fuTTe59loMlBct+jf/ptidfM:YK12w7FKLTTQ9lo+pti9M
Static task: static1
Behavioral task: behavioral1
  Sample: 8098d4516d67647307db6212942bde3d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 8098d4516d67647307db6212942bde3d_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: http://pc-guarrantor-utility.com/favicon.ico?0=103&1=0&2=1&3=85&4=i-s&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=0000
Extracted: http://pc-guarrantor-utility.com/favicon.ico?0=103&1=0&2=1&3=85&4=i-s&5=9200&6=6&7=2&8=919041&9=1033&10=0&11=0000
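The two extracted URLs are the same beacon fired once per sandbox run, differing only in fields 5, 7 and 8, so the variable fields carry host fingerprinting. The script below is an added example, not part of the Triage report or the sample: it splits the beacon into its positional fields, flags the C2 host, and decodes the fields whose meaning can be inferred by comparing the Windows 7 and Windows 10 runs. The interpretation of fields 5/6/7 as dwBuildNumber/dwMajorVersion/dwMinorVersion from GetVersionEx and of field 9 as a Windows LCID is an analyst hypothesis, not something recovered from the binary; an unmanifested process on Windows 8.1 and later is told version 6.2 build 9200, which is exactly what the Windows 10 run reports.

```python
"""Decode the positional beacon URLs recorded under "Malware Config".

Added example, not code from the report or the sample. Field semantics are
an analyst hypothesis derived from comparing the two sandbox runs.
"""
from urllib.parse import parse_qs, urlsplit

# The two beacons as listed in the report, keyed by the sandbox resource
# whose OS version they match (win7 -> 6.1/7601, win10 -> 6.2/9200).
BEACONS = {
    "win7-20240903-en": (
        "http://pc-guarrantor-utility.com/favicon.ico"
        "?0=103&1=0&2=1&3=85&4=i-s&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=0000"
    ),
    "win10v2004-20241007-en": (
        "http://pc-guarrantor-utility.com/favicon.ico"
        "?0=103&1=0&2=1&3=85&4=i-s&5=9200&6=6&7=2&8=919041&9=1033&10=0&11=0000"
    ),
}

C2_HOST = "pc-guarrantor-utility.com"  # IOC taken from the extracted config

# Hypothesis: fields 6.7 are the OS major.minor as seen by the process.
OS_BY_VERSION = {
    "6.1": "Windows 7 / Server 2008 R2",
    "6.2": "Windows 8 or later (unmanifested process sees 6.2 build 9200)",
}


def parse_beacon(url):
    """Return (host, path, {field_index: value}) for one beacon URL."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    fields = {int(k): v[0] for k, v in qs.items()}
    return parts.hostname, parts.path, fields


def decode_fields(fields):
    """Interpret the host-fingerprint fields (hypothesis, see module docstring)."""
    version = f"{fields[6]}.{fields[7]}"
    lcid = int(fields[9])  # 1033 == 0x0409 == en-US, matching the "-en" resources
    return {
        "os_version": version,
        "build": int(fields[5]),
        "os_guess": OS_BY_VERSION.get(version, "unknown"),
        "lcid": lcid,
        "lcid_is_en_us": lcid == 0x0409,
    }


def is_beacon(url):
    """Detection rule: C2 host, favicon.ico path and exactly the keys 0..11."""
    host, path, fields = parse_beacon(url)
    return host == C2_HOST and path == "/favicon.ico" and sorted(fields) == list(range(12))


def decode_all():
    """Decode every recorded beacon, keyed by sandbox resource."""
    return {name: decode_fields(parse_beacon(url)[2]) for name, url in BEACONS.items()}


if __name__ == "__main__":
    for name, info in decode_all().items():
        print(name, info)
```

The `is_beacon` check is deliberately tied to the path and the twelve numeric keys rather than to the constant values, since a fresh build of the same loader would most likely keep the field layout while the fingerprint values change per host.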
Targets
Target: 8098d4516d67647307db6212942bde3d_JaffaCakes118
Size: 1.7MB
MD5: 8098d4516d67647307db6212942bde3d
SHA1: 4a6391977a46f801e514ea3655ec9bfa8c6fbb57
SHA256: 31392f94b459c4aded4bc954823b1b0bb15528739cb7ad817544150ac16163a1
SHA512: 87ef08f88dfff8d167c91b118d81d9111d0bc7459541e30bddf276d47fed27a90014f8d66254c0f8d10f2222388134cf801fdb968b93578f7a233c8e71db14c7
SSDEEP: 49152:Sps/dEu92rc7FK0fuTTe59loMlBct+jf/ptidfM:YK12w7FKLTTQ9lo+pti9M
- Modifies WinLogon for persistence
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion: adversaries may delete files left behind by their intrusion activity.
MITRE ATT&CK Enterprise v15 (Hits = number of matching signatures in the report)

Tactic               | Technique                         | Sub-technique                                      | Hits
---------------------|-----------------------------------|----------------------------------------------------|-----
Persistence          | Boot or Logon Autostart Execution | Winlogon Helper DLL (T1547.004)                    | 1
Persistence          | Create or Modify System Process   | Windows Service (T1543.003)                        | 2
Persistence          | Event Triggered Execution         | Image File Execution Options Injection (T1546.012) | 1
Privilege Escalation | Boot or Logon Autostart Execution | Winlogon Helper DLL (T1547.004)                    | 1
Privilege Escalation | Create or Modify System Process   | Windows Service (T1543.003)                        | 2
Privilege Escalation | Event Triggered Execution         | Image File Execution Options Injection (T1546.012) | 1
Defense Evasion      | Impair Defenses (T1562)           | -                                                  | 1
Defense Evasion      | Indicator Removal                 | File Deletion (T1070.004)                          | 1
Defense Evasion      | Modify Registry (T1112)           | -                                                  | 2