General
-
Target
d7456007a18e3ef753d878fd4b609738_JaffaCakes118
-
Size
1.2MB
-
Sample
241208-qpsm6szkhm
-
MD5
d7456007a18e3ef753d878fd4b609738
-
SHA1
81943936080b6eee006281d7bb00a4ba071758ba
-
SHA256
32bf0fadc0f91e74293232f370828869df6ba1c1ce27473874eb67451bddd696
-
SHA512
d8ba24c51e57ce0cc8dadd97beb9c3edbd0cc001ace33a46b43992bd63c688f92bdb7c553c5b2b70ee647874cfc2bded0ea75649eb4d324f980f8dd589dd8666
-
SSDEEP
24576:Rg8fQRCIOE7SUI0Pz1Xd8wENGS7H/GTf3tj4aZBbIUpbT:+yQRLOQ7p5Xd8weJ/Ulj4aZFIUpv
Static task
static1
Behavioral task
behavioral1
Sample
d7456007a18e3ef753d878fd4b609738_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d7456007a18e3ef753d878fd4b609738_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
d7456007a18e3ef753d878fd4b609738_JaffaCakes118
-
Size
1.2MB
-
MD5
d7456007a18e3ef753d878fd4b609738
-
SHA1
81943936080b6eee006281d7bb00a4ba071758ba
-
SHA256
32bf0fadc0f91e74293232f370828869df6ba1c1ce27473874eb67451bddd696
-
SHA512
d8ba24c51e57ce0cc8dadd97beb9c3edbd0cc001ace33a46b43992bd63c688f92bdb7c553c5b2b70ee647874cfc2bded0ea75649eb4d324f980f8dd589dd8666
-
SSDEEP
24576:Rg8fQRCIOE7SUI0Pz1Xd8wENGS7H/GTf3tj4aZBbIUpbT:+yQRLOQ7p5Xd8weJ/Ulj4aZFIUpv
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
4