General
-
Target
19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118
-
Size
108KB
-
Sample
240628-m8n8bawdqa
-
MD5
19e46408cdf85c1790728b2ad1e00dec
-
SHA1
f5c355b93840cb4038852d67611ca7160a5692f3
-
SHA256
be984dcb05ac824b5ffcab2d7c0c2c5f131da0801c8efb93e953a65d71cadd41
-
SHA512
641dda503ec23dec97562952d297bac137f0064b47f47837c73f8d42c76e8c4c26f69eae5e0e5bf2653c8ad754f5520460b54d5410cc5c359676cf4415523754
-
SSDEEP
3072:AxCuqnzsUkYrPHl5dBONYIoriXIrKfiHpI61FFTF:Ax/YrLdBONYH+IrK0I61
Static task
static1
Behavioral task
behavioral1
Sample
19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
19e46408cdf85c1790728b2ad1e00dec_JaffaCakes118
-
Score
8/10
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-