General
-
Target
1bc55516337fbd792bca179ba6a37701_JaffaCakes118
-
Size
2.2MB
-
Sample
240701-vennpaygmg
-
MD5
1bc55516337fbd792bca179ba6a37701
-
SHA1
3af2f89be985f16eaace6d82bd69aa313ae70565
-
SHA256
3d377a53698e96b46952bc7aed2024a577833bb9a3d7922b01a77f07490155d7
-
SHA512
129944a2d4a7318f382b6ddcc09c9865b45825e17661562700a56ad4019b613fc5088c5409ba3b25a4f0ddada7679eb753af6e03e5c9f3129eabf22259dbdfa7
-
SSDEEP
3072:0RsBiWyDJP1j11BJIcBzeFxFtMuqnBJIF+DbCu/bU+99:QxRJPnJwMu6dXCsQi
Static task
static1
Behavioral task
behavioral1
Sample
1bc55516337fbd792bca179ba6a37701_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1bc55516337fbd792bca179ba6a37701_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
1bc55516337fbd792bca179ba6a37701_JaffaCakes118
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution: 3
  Registry Run Keys / Startup Folder: 2
  Active Setup: 1
Browser Extensions: 1
Privilege Escalation
Boot or Logon Autostart Execution: 3
  Registry Run Keys / Startup Folder: 2
  Active Setup: 1
Defense Evasion
Modify Registry: 5
Hide Artifacts: 1
  Hidden Files and Directories: 1