General
Target: 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118
Size: 136KB
Sample: 241031-eztgnsykgv
MD5: 819de36e469867c9d6c6fdf84bcd9a9d
SHA1: 8b61fe4d039453cb6f6ed9e116176b7a3a41f340
SHA256: debc992881ed63f6c7fcb5c39e7cb69c26ec9735c4a9bb6febbfe8c9d0d818d5
SHA512: 420b375ee4c1d1eda4c7b77b7999fe0a2d88920bf7d0b0b1d958f21593319424233f7b17f0d3e9e4f6ef26213e1febd9e7860d3f04b5cbb6100fde90da5a0c0b
SSDEEP: 1536:S4+aEpOwd/VxDy/5X2++jCx3kdjKsPGR7ehp3vmLvsZIZwTcNhLx8bZJLtgm8iuA:obpDCw1p3vmLvsZIaVwiwDcD
Static task: static1
Behavioral task: behavioral1
Sample: 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (1)
  - Safe Mode Boot (1)
- Modify Registry (5)