General
Target: 1cd7f3d1789fce8865ceb8a1efef4c91_JaffaCakes118
Size: 904KB
Sample: 240701-213s3avgra
MD5: 1cd7f3d1789fce8865ceb8a1efef4c91
SHA1: a990cddb8534faab48e2f97ee5b699bd5311623c
SHA256: 122a4b018095b213e356097ddd724c2708fdcddd4ff89d72e73af150f3b5188a
SHA512: e1da51d7c204658d922460d0f7c750b2f0a6768c7f3071ed7ce908303d775cacf63f0132f8aee04fca52057b7b4ed231e017e3eeb1eace8c9605f521e125538f
SSDEEP: 12288:y3Or9fnnE3OtPtNOzifk58f0LHj5iL3wBt6PSPRfsV0eQWdFfefL432hjvB7eb25:3aetlT86f07jUMBtPRjmeTKCjvde0
Static task: static1
Behavioral task: behavioral1
Sample: 1cd7f3d1789fce8865ceb8a1efef4c91_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Targets
Target: 1cd7f3d1789fce8865ceb8a1efef4c91_JaffaCakes118 (size and hashes identical to those listed under General above)
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)