General
Target: 7fe19433cdad964acda4a19cfb310abf_JaffaCakes118
Size: 218KB
Sample: 241030-tmtn8sykem
MD5: 7fe19433cdad964acda4a19cfb310abf
SHA1: db777e41feb4aa8e2328d0430faff5c7d0012fdd
SHA256: 970a91222d6a9220014657ca0e8313fb33e1621c9a9eab8019d224cbdf057e56
SHA512: fdc933bfeeedc4bd605abb01ace9d4728d1fb0e961f1927e29f28fa3bc58a6c832aa89ab1f7f35a4668d25b99bf2bc8ac67b4c2e60a7ca3c9f732ac8ef8f8295
SSDEEP: 6144:tTfFDbRnOTrt5J8AuxU0rvjeX+ojqDgls1bsz:D5OsUG6XVWDKs1bY
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 7fe19433cdad964acda4a19cfb310abf_JaffaCakes118.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: 7fe19433cdad964acda4a19cfb310abf_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets
Target: 7fe19433cdad964acda4a19cfb310abf_JaffaCakes118
Size: 218KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General.)

Signatures
- Drops file in Drivers directory: a file is written under System32\drivers, the location Windows loads kernel drivers from.
- Event Triggered Execution: Image File Execution Options Injection: a Debugger value is written under the Image File Execution Options registry key, so the named program is replaced by the attacker's binary whenever it is launched.
- Server Software Component: Terminal Services DLL: the ServiceDll the Terminal Services (TermService) service loads is modified, giving the payload execution inside a legitimate service.
- Sets service image path in registry: an ImagePath value is written under HKLM\SYSTEM\CurrentControlSet\Services, pointing a service or driver at a binary of the sample's choosing.
- ACProtect 1.3x - 1.4x DLL software: static detection; the file is packed with the ACProtect protector, so the unpacked code is only visible at runtime.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that decides whether the payload runs.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
- Indicator Removal: File Deletion: adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
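The persistence signatures above (the IFEO Debugger value, the TermService ServiceDll, service ImagePath values, and a file dropped in the drivers directory) each point at a registry or filesystem location that can be audited directly on a suspect host. The PowerShell below is an added example and is not part of the sandbox report or its signature logic. It assumes an elevated session on Windows; the 7-day "recent file" window, the "binary outside %SystemRoot%" heuristic, and the helper name Resolve-ServiceBinary are illustrative assumptions, not values taken from the report.

```powershell
#Requires -RunAsAdministrator
# Added triage script (not part of the sandbox report). Audits the persistence
# locations the report's signatures point at, on a live Windows host.

function Resolve-ServiceBinary {
    param([string]$ImagePath)
    # Reduce an ImagePath value to the executable it names. Handles quoted paths,
    # " -arg" / " /arg" suffixes, and the kernel-style prefixes used by driver entries.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p.StartsWith('"')) { $p = $p.Substring(1).Split('"')[0] }
    else { $p = ($p -split '\s+(?=[-/])')[0] }
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\System32\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # relative driver path
    return $p
}

function Get-PersistenceFindings {
    param([datetime]$Since = (Get-Date).AddDays(-7))   # assumed "recent" window
    $findings = New-Object System.Collections.Generic.List[object]
    function New-Finding($Technique, $Location, $Value) {
        [pscustomobject]@{ Technique = $Technique; Location = $Location; Value = $Value }
    }

    # T1546.012: a Debugger value under IFEO\<exe> runs in place of <exe>.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $dbg = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings.Add((New-Finding 'T1546.012 IFEO Injection' $key.PSChildName $dbg)) }
    }

    # T1505.005: TermService loads whatever ServiceDll names; the stock value is termsrv.dll in System32.
    $tsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
    $tsDll = (Get-ItemProperty -Path $tsParams -ErrorAction SilentlyContinue).ServiceDll
    $expected = Join-Path $env:SystemRoot 'System32\termsrv.dll'
    if ($tsDll) {
        $tsDll = [Environment]::ExpandEnvironmentVariables($tsDll)
        if ($tsDll -ine $expected) { $findings.Add((New-Finding 'T1505.005 Terminal Services DLL' $tsParams $tsDll)) }
    }

    # T1543.003 / "Sets service image path": services or drivers whose binary lives outside
    # %SystemRoot% or was written recently. Legitimate third-party services appear here too;
    # the output is a review list, not a verdict.
    foreach ($svc in Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $ip = (Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $ip) { continue }
        $bin = Resolve-ServiceBinary $ip
        if (-not $bin) { continue }
        $outside = -not $bin.StartsWith($env:SystemRoot, [System.StringComparison]::OrdinalIgnoreCase)
        $recent = (Test-Path -LiteralPath $bin) -and ((Get-Item -LiteralPath $bin).LastWriteTime -gt $Since)
        if ($outside -or $recent) { $findings.Add((New-Finding 'T1543.003 Service ImagePath' $svc.PSChildName $bin)) }
    }

    # "Drops file in Drivers directory": anything written to System32\drivers inside the window.
    $drivers = Join-Path $env:SystemRoot 'System32\drivers'
    foreach ($f in Get-ChildItem -Path $drivers -File -ErrorAction SilentlyContinue | Where-Object LastWriteTime -gt $Since) {
        $findings.Add((New-Finding 'Recent file in drivers directory' $drivers $f.Name))
    }
    return $findings
}

$found = @(Get-PersistenceFindings)
if ($found.Count -eq 0) { Write-Host 'No findings.' }
else { $found | Sort-Object Technique | Format-Table -AutoSize }
```

Run it on a host suspected of having executed the sample and compare the service and driver entries against a known-good baseline; an IFEO Debugger value on a system with no debugging tooling installed, or a TermService ServiceDll that is not termsrv.dll, is worth treating as a confirmed compromise rather than a lead.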
MITRE ATT&CK Enterprise v15
(Counts in parentheses are the number of signatures the sandbox mapped to each technique.)

Execution
- Command and Scripting Interpreter (T1059) (1)
- System Services (T1569) (1)
- Service Execution (T1569.002) (1)

Persistence
- Boot or Logon Autostart Execution (T1547) (1)
- Registry Run Keys / Startup Folder (T1547.001) (1)
- Create or Modify System Process (T1543) (1)
- Windows Service (T1543.003) (1)
- Event Triggered Execution (T1546) (1)
- Image File Execution Options Injection (T1546.012) (1)
- Server Software Component (T1505) (1)
- Terminal Services DLL (T1505.005) (1)

Privilege Escalation
- Boot or Logon Autostart Execution (T1547) (1)
- Registry Run Keys / Startup Folder (T1547.001) (1)
- Create or Modify System Process (T1543) (1)
- Windows Service (T1543.003) (1)
- Event Triggered Execution (T1546) (1)
- Image File Execution Options Injection (T1546.012) (1)