General
- Target: 1bd55370eb1c245bbcff71cda6dc8e27_JaffaCakes118
- Size: 196KB
- Sample: 240701-vss6bszdlb
- MD5: 1bd55370eb1c245bbcff71cda6dc8e27
- SHA1: 80aac548239e12912f21a460a4e24c101f6a34ec
- SHA256: 5b62fff783ce4e2c4a8888f4c6c4bb204299285ada373cc322b96b48512b824c
- SHA512: 470ec1a7faf912754ec2b2c5ab0ff4b01d169218f75565f185358fb9142427112d91827b1872bf2cad4344a1373e9b4bac45736a98c611d501f1059e1d2911dc
- SSDEEP: 6144:oskyLvcIwSbOCx+/nnynd0Bi7p7esjjde8a:pUiKnVi7pRjjde8a
Static task: static1
Behavioral task: behavioral1
- Sample: 1bd55370eb1c245bbcff71cda6dc8e27_JaffaCakes118.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 1bd55370eb1c245bbcff71cda6dc8e27_JaffaCakes118.dll
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 1bd55370eb1c245bbcff71cda6dc8e27_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)