daeabb4f77670f7b24e89bf05e25bd5d17c5679fb6f3fa5baee1ba2d27ae9220 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

61c07b94aa...18.exe

windows7-x64

8

61c07b94aa...18.exe

windows10-2004-x64

7

Sharing

General

Target

61c07b94aa1b119e673c69838173ec9b_JaffaCakes118
Size

2.0MB
Sample

240521-cyrwcafd4w
MD5

61c07b94aa1b119e673c69838173ec9b
SHA1

fff5dc6b40eedc988c615538c1bf2b03bb187680
SHA256

daeabb4f77670f7b24e89bf05e25bd5d17c5679fb6f3fa5baee1ba2d27ae9220
SHA512

f3758568f3706bf9c89e74669b472f1853a5d0694af4e2bb466154f1a9ba0ce75b0ad1a0b9cb3c0a60a81b96a758e4a4c80e1f60d93982ee98d13ff7b3f1f988
SSDEEP

49152:cUwT0VCJYbHkap4puMVV+cNOQTkcUK77ny+A+hAC/PjyOiPmYa/imLQbf:0WK+HfVUxOQTkRKXdA+JzyOYmFVQbf

Score

8^/10

evasion execution upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

61c07b94aa1b119e673c69838173ec9b_JaffaCakes118.exe

Resource

win7-20240220-en

evasion execution upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

61c07b94aa1b119e673c69838173ec9b_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  61c07b94aa1b119e673c69838173ec9b_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  61c07b94aa1b119e673c69838173ec9b
- SHA1
  
  fff5dc6b40eedc988c615538c1bf2b03bb187680
- SHA256
  
  daeabb4f77670f7b24e89bf05e25bd5d17c5679fb6f3fa5baee1ba2d27ae9220
- SHA512
  
  f3758568f3706bf9c89e74669b472f1853a5d0694af4e2bb466154f1a9ba0ce75b0ad1a0b9cb3c0a60a81b96a758e4a4c80e1f60d93982ee98d13ff7b3f1f988
- SSDEEP
  
  49152:cUwT0VCJYbHkap4puMVV+cNOQTkcUK77ny+A+hAC/PjyOiPmYa/imLQbf:0WK+HfVUxOQTkRKXdA+JzyOYmFVQbf
Score

8^/10

evasion execution upx
- Blocklisted process makes network request
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionupx

behavioral2

© 2018-2025

Terms | Privacy