General
-
Target
7ffacceea6723097d78ae603b655833e_JaffaCakes118
-
Size
2.2MB
-
Sample
241030-t671zaxgll
-
MD5
7ffacceea6723097d78ae603b655833e
-
SHA1
973e33b3f256ccb40e58630e70cf3d28015aafc4
-
SHA256
fbb9e850a5cfc3a859b1c26c8addbe01bb03b88b42e7c059cf22ea0ccb230805
-
SHA512
5977ec9e18f5941d21427a81f1297dc65b1305f54dfd3e35041b275a22c29c4e70c909f2a4d309b62d3a1002864a33882480ee72b36ac68631f0bdba3d49f0ee
-
SSDEEP
49152:EMbOq1K4d2IPYiiqowvq00p7PiKXTN0pwa0sj8m:oq1K/IrwzXypwa0sIm
Static task
static1
Behavioral task
behavioral1
Sample
7ffacceea6723097d78ae603b655833e_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7ffacceea6723097d78ae603b655833e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://softscoreinc.com/soft-usage/favicon.ico?0=1200&1=NNYJZAHP&2=i-s&3=60&4=7601&5=6&6=1&7=99600&8=1033
Extracted
http://softscoreinc.com/soft-usage/favicon.ico?0=1200&1=GLZCSNLK&2=i-s&3=60&4=9200&5=6&6=2&7=919041&8=1033
Targets
-
-
Target
7ffacceea6723097d78ae603b655833e_JaffaCakes118
-
Size
2.2MB
-
MD5
7ffacceea6723097d78ae603b655833e
-
SHA1
973e33b3f256ccb40e58630e70cf3d28015aafc4
-
SHA256
fbb9e850a5cfc3a859b1c26c8addbe01bb03b88b42e7c059cf22ea0ccb230805
-
SHA512
5977ec9e18f5941d21427a81f1297dc65b1305f54dfd3e35041b275a22c29c4e70c909f2a4d309b62d3a1002864a33882480ee72b36ac68631f0bdba3d49f0ee
-
SSDEEP
49152:EMbOq1K4d2IPYiiqowvq00p7PiKXTN0pwa0sj8m:oq1K/IrwzXypwa0sIm
-
Modifies WinLogon for persistence
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Indicator Removal
1File Deletion
1Modify Registry
4