30bc4b2410e5caa5cd4675c884e2010eab617f4860bddf0959d62d620d62025f | Triage

Submit
Reports

Overview

overview

Static

static

3

2619f1bcec...18.exe

windows7-x64

2619f1bcec...18.exe

windows10-2004-x64

Sharing

General

Target

2619f1bcec24666f7ba94f5077474d88_JaffaCakes118
Size

350KB
Sample

240704-ywswhsyfpa
MD5

2619f1bcec24666f7ba94f5077474d88
SHA1

f1596187510b18584d56c8f9f861cb87f62fe0fe
SHA256

30bc4b2410e5caa5cd4675c884e2010eab617f4860bddf0959d62d620d62025f
SHA512

252e70ae912b61528cd0904d8974e6a33b69de05c423e532d76c5c6679f970c1a2eab8b7978f46b415746ec0fa1306e689c66ce28df77e662f7206960c15c37f
SSDEEP

6144:gDCwfG1bnxLERR9sadDCwfG1bnxLERR9sat:g72bntEL9/d72bntEL9/t

Score

10^/10

defense_evasion evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2619f1bcec24666f7ba94f5077474d88_JaffaCakes118.exe

Resource

win7-20240704-en

defense_evasion evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2619f1bcec24666f7ba94f5077474d88_JaffaCakes118.exe

Resource

win10v2004-20240508-en

defense_evasion evasion persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2619f1bcec24666f7ba94f5077474d88_JaffaCakes118
- Size
  
  350KB
- MD5
  
  2619f1bcec24666f7ba94f5077474d88
- SHA1
  
  f1596187510b18584d56c8f9f861cb87f62fe0fe
- SHA256
  
  30bc4b2410e5caa5cd4675c884e2010eab617f4860bddf0959d62d620d62025f
- SHA512
  
  252e70ae912b61528cd0904d8974e6a33b69de05c423e532d76c5c6679f970c1a2eab8b7978f46b415746ec0fa1306e689c66ce28df77e662f7206960c15c37f
- SSDEEP
  
  6144:gDCwfG1bnxLERR9sadDCwfG1bnxLERR9sat:g72bntEL9/d72bntEL9/t
Score

10^/10

defense_evasion evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Impair Defenses

Safe Mode Boot

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

defense_evasionevasionpersistence

behavioral2

defense_evasionevasionpersistence

© 2018-2024

Terms | Privacy