General
Target: 822e06f78f3f0c9ca37b1bb7dd1791c0_JaffaCakes118
Size: 372KB
Sample: 241031-hx3t4svjfk
MD5: 822e06f78f3f0c9ca37b1bb7dd1791c0
SHA1: b6fa534ee9a65801220550d75a9a595a04c8b808
SHA256: ed5d466ed536d790d485c796222988318b81dac2f0b31fe847836d99dc0fa8e5
SHA512: cd2fe76fab9a4dda051f2541fcea780654616993e7b3cb00f2dfef50d16a87d2202fe2c4999f40025146bf803fd76f1020fdec9789b803389073de3c0fb8b1cf
SSDEEP: 6144:lvI8oK0zat8GzwzkIXfYnPY9lrhdMwPT318Tba5DoK0zat8GzwzkIXfYnPYHgd:lQJK0qjIQnAYwPzS3QkK0qjIQnAAd
Behavioral task: behavioral1
Sample: 822e06f78f3f0c9ca37b1bb7dd1791c0_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 822e06f78f3f0c9ca37b1bb7dd1791c0_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 822e06f78f3f0c9ca37b1bb7dd1791c0_JaffaCakes118
Score: 8/10
- Drops file in Drivers directory
- Sets service image path in registry
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Event Triggered Execution (1)
    Change Default File Association (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Event Triggered Execution (1)
    Change Default File Association (1)