General

Target: 178db5992b083838ffb393f855bb3038_JaffaCakes118
Size: 659KB
Sample: 240627-z3tl3atdnn
MD5: 178db5992b083838ffb393f855bb3038
SHA1: 113e849141da66115b181809169c4c590b5dcabb
SHA256: 2b16710a962c2676143e1f663626bbd2b8daab3f70718414ce6d2cd534379b7b
SHA512: 08e3e09cac0c6e9966f30119f6f94f95b4bd5f55d7e06e91b860e73e57e34648aa089af8168dce3eb1895e23604bf00adcad015a0fdf32994f7958e49afa1f5a
SSDEEP: 12288:19AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKZ:zAQ6Zx9cxTmOrucTIEFSpOGU
Behavioral tasks

behavioral1
Sample: 178db5992b083838ffb393f855bb3038_JaffaCakes118.exe
Resource: win7-20240221-en

behavioral2
Sample: 178db5992b083838ffb393f855bb3038_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: 178db5992b083838ffb393f855bb3038_JaffaCakes118 (659KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values in the General section above)
Score: 10/10
- Modifies WinLogon for persistence (typically the Shell or Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon)
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing or virtualised environments)
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly associated with process hollowing or thread hijacking for code injection)
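The registry-based signatures above (Winlogon tampering, the RegEdit and Task Manager policy locks, Run-key autostart, and disabling of the firewall and security services) can be checked on a suspect host from an exported hive. The following is an added example and is not part of the sandbox report or its tooling: it parses a .reg export (a constructed sample is embedded so it runs offline) and reports each matching entry. The service names MpsSvc and wscsvc, the Start=4 (disabled) check and the TRUSTED_PREFIXES list are assumptions chosen for this example; the BIOS check, self-deletion, driver drop and SetThreadContext signatures are runtime behaviours and are out of scope for a registry snapshot.

```python
"""Added example (not from the sandbox report): flag the registry-based
persistence and tamper indicators listed above in an exported .reg hive."""
import re

# Constructed sample export: tampered Userinit, both policy locks, a Run
# entry in a user-writable path, firewall service disabled, plus one benign
# Run entry that must not be flagged.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\svchost.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"""

_VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def _unescape(s):
    return s.replace('\\\\', '\\').replace('\\"', '"')

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}}. Keys and value
    names are lower-cased (the registry is case-insensitive); strings are
    unescaped, dword data becomes int, other types (hex:, ...) stay raw."""
    hive, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].lower()
            hive.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if current is None or not m:
            continue  # header, blank, comment or hex continuation line
        name = '@' if m.group(2) else _unescape(m.group(1)).lower()
        data = m.group(3)
        if data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        elif data.lower().startswith('dword:'):
            data = int(data[6:], 16)
        hive[current][name] = data
    return hive

WINLOGON = r'hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon'
POLICY_SUFFIX = r'\software\microsoft\windows\currentversion\policies\system'
RUN_SUFFIXES = (r'\software\microsoft\windows\currentversion\run',
                r'\software\microsoft\windows\currentversion\runonce')
SERVICES = 'hkey_local_machine\\system\\currentcontrolset\\services\\'
# Assumptions: MpsSvc is the Windows Firewall service and wscsvc the Security
# Center service (Start=4 is SERVICE_DISABLED); autostart entries outside
# TRUSTED_PREFIXES are the ones worth a second look.
SECURITY_SERVICES = {'mpssvc': 'firewall policy service', 'wscsvc': 'security service'}
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files')

def find_indicators(hive):
    """Return (signature, key, value_name, data) for every matching entry."""
    hits = []
    for key, values in hive.items():
        if key == WINLOGON:
            shell = str(values.get('shell', 'explorer.exe'))
            if shell.lower() != 'explorer.exe':
                hits.append(('Modifies WinLogon (Shell)', key, 'shell', shell))
            userinit = str(values.get('userinit', ''))
            parts = [p for p in userinit.lower().split(',') if p]
            if userinit and parts != [r'c:\windows\system32\userinit.exe']:
                hits.append(('Modifies WinLogon (Userinit)', key, 'userinit', userinit))
        elif key.endswith(POLICY_SUFFIX):
            for name, sig in (('disableregistrytools', 'Disables RegEdit'),
                              ('disabletaskmgr', 'Disables Task Manager')):
                if values.get(name, 0):
                    hits.append((sig, key, name, values[name]))
        elif key.endswith(RUN_SUFFIXES):
            for name, data in values.items():
                path = str(data).lower().lstrip('"')
                if not path.startswith(TRUSTED_PREFIXES):
                    hits.append(('Adds Run key (untrusted path)', key, name, data))
        elif key.startswith(SERVICES):
            svc = key[len(SERVICES):].split('\\')[0]
            if svc in SECURITY_SERVICES and values.get('start') == 4:
                hits.append(('Modifies %s (disabled)' % SECURITY_SERVICES[svc], key, 'start', 4))
    return hits

def scan(text):
    return find_indicators(parse_reg(text))

if __name__ == '__main__':
    for sig, key, name, data in scan(SAMPLE_REG):
        print(f'{sig}: [{key}] {name} = {data!r}')
```

Run it against a real export (`reg export HKLM hklm.reg` and `reg export HKCU hkcu.reg` on the suspect host, then `scan(open('hklm.reg', encoding='utf-16').read())`); the benign SecurityHealth entry in the sample is there to show that only autostart paths outside the assumed trusted prefixes are reported, so tune TRUSTED_PREFIXES to the environment before relying on that check.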
MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is the count of reported signatures mapped to it)

Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2