General
Target: 176aa5ecb5a01649e4fdaea9915ef131_JaffaCakes118
Size: 312KB
Sample: 240627-y9531ayhkc
MD5: 176aa5ecb5a01649e4fdaea9915ef131
SHA1: 801f6060755f8e4afdec41aba0c062b4890d0a38
SHA256: 850d8de52e9d88bae530374aac943fc6d60d6661933d9953ea5715e4433cceb4
SHA512: fd781cbad48d079c02bc14e268fb1717f2c40a571e811c3f36e727546be1cfcfd04f158d2d0c6302faae990b0f8546e5f67b77703451b81151b5130c93dbc084
SSDEEP: 6144:hcTbuKgqP75mDbeWQztbeO3BUd2BfQzkfP6F:O/HEDbeFtbeu7gYY
Static task: static1
Behavioral task: behavioral1
Sample: 176aa5ecb5a01649e4fdaea9915ef131_JaffaCakes118.dll
Resource: win7-20240221-en
Malware Config
Targets
Target: 176aa5ecb5a01649e4fdaea9915ef131_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)