General
-
Target
253a01a3885449b469b5d48701c1f1b0_JaffaCakes118
-
Size
278KB
-
Sample
240704-j2gcca1hqq
-
MD5
253a01a3885449b469b5d48701c1f1b0
-
SHA1
c152218d2ed37052b8e5808c45246bbb0dd7f8cd
-
SHA256
54eead45e2f5c5d49a65e9b6d2ccb79dad19acd6952713dddbdb1deedac57936
-
SHA512
91f30a2ccf7f2ed339c7531f130058af77629ccf538da88c819b5994cfdc13ff343d4cd52bc676436de201ad2252e7db5f8a3692b50fee146c72681b3cc8f089
-
SSDEEP
6144:rwmpb9Zz43C+A9cvUEEpXYMSkDZcxOqcDIrM:rwml9t43CTAM1uZA
Static task
static1
Behavioral task
behavioral1
Sample
253a01a3885449b469b5d48701c1f1b0_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Targets
-
Modifies security service
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Active Setup: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Active Setup: 1