General
-
Target
JaffaCakes118_4399174699e769f7c0bf3fe7bfa91902
-
Size
34KB
-
Sample
250127-zp8h3avndz
-
MD5
4399174699e769f7c0bf3fe7bfa91902
-
SHA1
81212c4a86a1db211dc8d2277e5a12818e6d7468
-
SHA256
dc1545d1a80b3980f15bcfd5925c4f6b7edcd5ad8f22b80a9d9e5a77d31ee393
-
SHA512
5f9dbc0184f90f4279ee460cf387cc49458b8c9d9542da05097ab5c603c32bd57dd2d0dbc2f47bdd6432fae57dd16d3c4e2bea1ec54612258424073583a20352
-
SSDEEP
768:0psLyHO8UcU/qsAhLzWEc4QFjT80La1ZO5w:6u8UcU/qsAhLzcLT7La1w5w
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4399174699e769f7c0bf3fe7bfa91902.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4399174699e769f7c0bf3fe7bfa91902.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_4399174699e769f7c0bf3fe7bfa91902
-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (1)