General
-
Target
820cf1fbe97e0fe6c8d26b0d6169ce14_JaffaCakes118
-
Size
850KB
-
Sample
241031-hbhxtatnck
-
MD5
820cf1fbe97e0fe6c8d26b0d6169ce14
-
SHA1
03d2b1d91d4954bf38f50ed650c2b5de32d935ea
-
SHA256
b98f391aa8ba1719d331c341fc237b13495ea7ead507c46cbe1ba66afba55089
-
SHA512
f945c079ed93e96d16aa2cf503165b30a0c6362f8844a1f99f558d9af6fb9f1fd4f6b34271492ef83a704c1ad803050dcfebbdb9315f38d69b46d08db8bb7785
-
SSDEEP
3072:XdDc+tTAqAZGZGM2tVJV1hUnGpAFQdZK0Jx9ahSD5li:qVf1hgGpAGdZKgGc
Static task
static1
Behavioral task
behavioral1
Sample
820cf1fbe97e0fe6c8d26b0d6169ce14_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
820cf1fbe97e0fe6c8d26b0d6169ce14_JaffaCakes118
-
Size
850KB
-
MD5
820cf1fbe97e0fe6c8d26b0d6169ce14
-
SHA1
03d2b1d91d4954bf38f50ed650c2b5de32d935ea
-
SHA256
b98f391aa8ba1719d331c341fc237b13495ea7ead507c46cbe1ba66afba55089
-
SHA512
f945c079ed93e96d16aa2cf503165b30a0c6362f8844a1f99f558d9af6fb9f1fd4f6b34271492ef83a704c1ad803050dcfebbdb9315f38d69b46d08db8bb7785
-
SSDEEP
3072:XdDc+tTAqAZGZGM2tVJV1hUnGpAFQdZK0Jx9ahSD5li:qVf1hgGpAGdZKgGc
-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables taskbar notifications via registry modification
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Indicator Removal
1Clear Persistence
1Modify Registry
11Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1