General
-
Target
JaffaCakes118_08f17c7d057b819731120e8530f340aa
-
Size
184KB
-
Sample
250525-g2819azyfs
-
MD5
08f17c7d057b819731120e8530f340aa
-
SHA1
2e687a1d028659cf315bb6931dd6368a2c679863
-
SHA256
d6a3b0af95871a3d107cab909fd7c148e760236a22cb96aa6f2acd9357925fc7
-
SHA512
f22614d4e7717ee864b19b5f7d86bb76c26486a1d9fca74d77e5e4afeae6352be3816654a9d3434f4b8106f1c099e8d5128843d7cd773f0bda48c3382dd7c389
-
SSDEEP
3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW11:GWkWXV9wUezUroW+tCmCCfNGY
Behavioral task
behavioral1
Sample
JaffaCakes118_08f17c7d057b819731120e8530f340aa.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
JaffaCakes118_08f17c7d057b819731120e8530f340aa.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
JaffaCakes118_08f17c7d057b819731120e8530f340aa
-
Score
10/10
-
Detects Mofksys worm
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Mofksys family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution (3)
  Active Setup (1)
  Registry Run Keys / Startup Folder (1)
  Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
  Active Setup (1)
  Registry Run Keys / Startup Folder (1)
  Winlogon Helper DLL (1)
Defense Evasion
Hide Artifacts (1)
  Hidden Files and Directories (1)
Modify Registry (4)