General
Target: JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93
Size: 720KB
Sample: 250411-jrbzwattat
MD5: ad7f50f41c1d9410542b2565277c0c93
SHA1: ec5e1fcb09fe8530b250ae286d757355ad4215a7
SHA256: 2304b24975f5e9e4a21cd2b8af9e026f5a815eb10034e155d666ae34907b0543
SHA512: 795049925a8c6ab53f384c3c888e41f97b6044ad6a132e52b02e60281bb354da0fa9f04d8f74219d7bd8223645f93c4d9b0af9cdf9c8699bb4bbc5597036d9b6
SSDEEP: 12288:VXgvmzFHi0mo5aH0qMzd5807FULPJQPDHvd:VXgvOHi0mGaH0qSdPFUt4V
Behavioral task: behavioral1
Sample: JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe
Resource: win10v2004-20250314-en
Malware Config
(none extracted)

Targets
Target: JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93
Size: 720KB
MD5: ad7f50f41c1d9410542b2565277c0c93
SHA1: ec5e1fcb09fe8530b250ae286d757355ad4215a7
SHA256: 2304b24975f5e9e4a21cd2b8af9e026f5a815eb10034e155d666ae34907b0543
SHA512: 795049925a8c6ab53f384c3c888e41f97b6044ad6a132e52b02e60281bb354da0fa9f04d8f74219d7bd8223645f93c4d9b0af9cdf9c8699bb4bbc5597036d9b6
SSDEEP: 12288:VXgvmzFHi0mo5aH0qMzd5807FULPJQPDHvd:VXgvOHi0mGaH0qSdPFUt4V
Signatures
- Modifies WinLogon for persistence
- UAC bypass
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Adds Run key to start application
- Checks whether UAC is enabled
- Hijack Execution Flow: Executable Installer File Permissions Weakness. Possibly turns off User Account Control's privilege elevation for standard users.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Hijack Execution Flow (1)
    Executable Installer File Permissions Weakness (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Hijack Execution Flow (1)
    Executable Installer File Permissions Weakness (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hijack Execution Flow (1)
    Executable Installer File Permissions Weakness (1)
  Impair Defenses (2)
    Disable or Modify Tools (1)
    Safe Mode Boot (1)
  Modify Registry (5)