General
Target: 7fdfd869a4e13c31fca9496f08c9df04_JaffaCakes118
Size: 24KB
Sample: 241030-tlr41sxaqb
MD5: 7fdfd869a4e13c31fca9496f08c9df04
SHA1: e540edb3f9b4810bfa76315f10e76bfc09769e68
SHA256: a99a3307ab705f6f500e60ce31c82a0b6dbf0f0f7a95d7697b3d262e0246b88f
SHA512: 5ea5ef51078a37b2156eabb5dcaf51e60bbd2c0d2de9bc32281cb1899a5e53eb655d5124098f3894b75316f323c47ac03d6dc3a8f460ac2f8212c7a99bc9cc46
SSDEEP: 384:8zz+B1xqgK5tEDWqw/6iHONTUZljgEchyBtR2joHgHQl6nsJaem6:8zeER5tEDzDYf5YoAwwxe9
Static task: static1
Behavioral task: behavioral1
  Sample: 7fdfd869a4e13c31fca9496f08c9df04_JaffaCakes118.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: 7fdfd869a4e13c31fca9496f08c9df04_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-