General
-
Target
1b0dd8a31731b44b9235741affb77d87_JaffaCakes118
-
Size
1.1MB
-
Sample
240701-m67a4sxhlg
-
MD5
1b0dd8a31731b44b9235741affb77d87
-
SHA1
dd00125ea1d83ec0ffa2aa13f924f0e3826db549
-
SHA256
4438bc9715f6531c5abcc9828079f7268d2d441f11a77c4fed7721e686d9003f
-
SHA512
69aa542ab02f1367cccb2d9cb257a542565cf404454f545f446013bbd928794306341ff48e96c60c1f7167eb6f7c2590f84a683c66d7206cb8a78dc21d572be2
-
SSDEEP
12288:Sr0M13kcFeHQJ2gkAUb3eUjwrQ492Htd8Efnik8DGcuT3+Wf+IHp01kVFvJwC+62:TBxfSg7KS4WXERG
Static task
static1
Behavioral task
behavioral1
Sample
1b0dd8a31731b44b9235741affb77d87_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
1b0dd8a31731b44b9235741affb77d87_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
1b0dd8a31731b44b9235741affb77d87_JaffaCakes118
Score
10/10
-
Modifies firewall policy service
-
Modifies security service
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1