General
-
Target
26b78358c63710aeb562fb47644e230e_JaffaCakes118
-
Size
821KB
-
Sample
240704-3zqmsaygrg
-
MD5
26b78358c63710aeb562fb47644e230e
-
SHA1
a8a8734c0500e270c363a7df2bd82e70ff840495
-
SHA256
8bb96b66c673841d4a513bb85a94ee3ded5bd30689173e5be16ed69c30766a00
-
SHA512
30a4f2034492141cc341ebde56ae1d28cfdd5152275db7f7078e4338b09e0ba4cdeb5eb343cb2d73c0ef9600e50e3252ed9fdb0314ba2d5270d21479b9e5f5bb
-
SSDEEP
12288:9xzvtHKFjnkAqqCy/0GgjV4U3T+q7HpqWyTw424jDjNyCRSE7Y1niMjaR056mcfg:9xzlqFbLq5ogjzTxLmf24j9ymBkia2Y
Static task
static1
Behavioral task
behavioral1
Sample
26b78358c63710aeb562fb47644e230e_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
26b78358c63710aeb562fb47644e230e_JaffaCakes118
-
Modifies security service
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables taskbar notifications via registry modification
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Active Setup: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Active Setup: 1