General
Target: JaffaCakes118_0bfff52e62721aed7650a8b3369de786
Size: 541KB
Sample: 250529-3aa6sszns3
MD5: 0bfff52e62721aed7650a8b3369de786
SHA1: dababcb1006f83d82b026b55b35abd41298812bc
SHA256: 13be9791e9c15c49f59209e65b90257d65a9ec7e33e22aec17d4df103e270f4d
SHA512: fae8e6374f9c891e14d4987d8d30ef8f39275c3dd978e28124b36ee9ec5edc751d688def18f8498888158afedca05c8f1106da3f7853097b3b1c3e0899659f1c
SSDEEP: 12288:jdA6rQS/7mY5TtZnw4THHFzAzFELRoc92nP1hEWEFzrKGlVaB:d5mwbFHFzqFELRo5nPrEWEFzuGb4
Tasks
Static task: static1
Behavioral task: behavioral1 (sample archive.scr, resource win10v2004-20250502-en)
Behavioral task: behavioral2 (sample archive.scr, resource win11-20250502-en)
Malware Config
Targets
Target: archive.scr
Size: 691KB
MD5: 0d257126a228f55bc43dac61a6d6feae
SHA1: 5689fd99543f2e45e29e7eb157c95adcccbb5281
SHA256: be2a681814d768bfe766c4ec37f79cf81e3827d71e340aec1f55623aea44cdc2
SHA512: 4ce32ae2a07c834f62fed94b9dbde0a8d25063969c8190ea6d09da5965673afdfcaa9637f4dd5afe26cddedaccc7ee911cda13e9ce8c532021e900712e62284d
SSDEEP: 12288:9XmwRo+mv8QD4+0N46C6dadcXiJ6djQqdqijrPrFs4x0hHKFrqtM:9X48QE+UE6dadcSJ6p0ArPJZx0pGMM
Score: 8/10
Signatures
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext: this API is a common primitive in process hollowing and thread hijacking, but a call on its own is not proof of injection; check which process the target thread belongs to.
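The signatures above are sandbox-side observations; on a monitored host most of them surface as Sysmon events. The following is an added example, not the sandbox's own signature code or anything from the report: it runs simple detection logic for the file-drop, Run-key, wallpaper and dropped-EXE behaviours over a constructed Sysmon-style event stream. The event records are made up, the field names follow Sysmon, and the registry and file-path patterns are assumptions about where each behaviour leaves a trace. The geofence lookup, the Uninstall-key enumeration and SetThreadContext are deliberately not covered, since Sysmon records neither registry reads nor that API call.

```python
"""Detection logic for the behaviours the sandbox flagged for archive.scr, run over
constructed Sysmon-style events. Added example: not the sandbox's own signature code.
Event records are made up; the path patterns are assumptions about where each
behaviour shows up on a host."""
import re

# Where each flagged behaviour leaves a trace that Sysmon records (assumed paths).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
WALLPAPER = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)
DRIVERS_DIR = re.compile(r"\\Windows\\System32\\drivers\\[^\\]+$", re.I)
SYSTEM32_DIR = re.compile(r"\\Windows\\System32\\[^\\]+$", re.I)


def match_events(events):
    """Return [(signature, technique_id_or_None, event_index), ...] in event order.

    Sysmon IDs used: 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryEvent (value set).
    ATT&CK IDs are attached only where the report's own table maps the behaviour
    (Registry Run Keys / Startup Folder = T1547.001).
    Caveat: "Checks computer location settings" and "Checks installed software" are
    registry reads and "Suspicious use of SetThreadContext" is an API call; Sysmon
    logs none of these, so they need a sandbox API trace or ETW, not this log."""
    hits = []
    dropped = set()  # lower-cased paths written so far, to spot "Executes dropped EXE"
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if DRIVERS_DIR.search(path):
                hits.append(("Drops file in Drivers directory", None, i))
            elif SYSTEM32_DIR.search(path):
                hits.append(("Drops file in System32 directory", None, i))
        elif eid == 13:
            obj = ev["TargetObject"]
            if RUN_KEY.search(obj):
                hits.append(("Adds Run key to start application", "T1547.001", i))
            elif WALLPAPER.search(obj):
                hits.append(("Sets desktop wallpaper using registry", None, i))
        elif eid == 1 and ev["Image"].lower() in dropped:
            # The new process image is a file this stream saw being written earlier.
            hits.append(("Executes dropped EXE", None, i))
    return hits


def signatures_fired(hits):
    """Distinct signature names in first-seen order (what a report would list)."""
    seen = []
    for sig, _, _ in hits:
        if sig not in seen:
            seen.append(sig)
    return seen


# Constructed event stream (not from the report): the screensaver binary drops a
# second executable, persists it via a Run key and runs it; the child then writes
# into System32\drivers and System32 and changes the wallpaper.
SRC = r"C:\Users\user\Desktop\archive.scr"
DROP = r"C:\Users\user\AppData\Roaming\svc\update.exe"
HKU = r"HKU\S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": SRC, "TargetFilename": DROP},
    {"EventID": 13, "Image": SRC, "Details": DROP,
     "TargetObject": HKU + r"\Software\Microsoft\Windows\CurrentVersion\Run\update"},
    {"EventID": 1, "Image": DROP, "ParentImage": SRC},
    {"EventID": 11, "Image": DROP, "TargetFilename": r"C:\Windows\System32\drivers\svc.bin"},
    {"EventID": 13, "Image": DROP, "TargetObject": HKU + r"\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\user\AppData\Roaming\svc\bg.bmp"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": DROP},  # not dropped
    {"EventID": 11, "Image": DROP, "TargetFilename": r"C:\Windows\System32\svc.cfg"},
]

if __name__ == "__main__":
    for sig, tid, idx in match_events(SAMPLE_EVENTS):
        print(f"event {idx}: {sig}" + (f" [{tid}]" if tid else ""))
```

On the constructed stream, five of the report's signatures fire (events 1, 2, 3, 4 and 6); the notepad.exe launch at event 5 does not, because "Executes dropped EXE" is keyed on files the same stream saw being created, which is the correlation that separates it from ordinary process creation noise.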
MITRE ATT&CK Enterprise v16 (count of matched signatures per technique)
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
Credential Access
  Credentials from Password Stores (T1555): 1
    Credentials from Web Browsers (T1555.003): 1
  Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1