862c3744f321557142a17753624cf29762861e9ec65cc9ceec79a1edde93dd1e | Triage

Submit
Reports

Overview

overview

Static

static

3

17b739e302...18.exe

windows7-x64

17b739e302...18.exe

windows10-2004-x64

Sharing

General

Target

17b739e3023ebe3b9a31e1d8e437ce2e_JaffaCakes118
Size

43KB
Sample

240627-14pvyawfrl
MD5

17b739e3023ebe3b9a31e1d8e437ce2e
SHA1

0544351944103cd293586513939ae87447318011
SHA256

862c3744f321557142a17753624cf29762861e9ec65cc9ceec79a1edde93dd1e
SHA512

09035361acc60636b2a58bbc0967c9565217787c3a8917e09960849ad25f19107e36efdab5727513f96e8459d91f36e5fa2476fabd3b49ac7c2657b2d07f6fe1
SSDEEP

768:edK9PrqC1lSQ1l3rc4GpOIes5efLvDDe/3Za80rgqNdAAoRhmwRh/E12:eMtGVQn3YuIZ8fTDD6YVrgkdAAoR7b/3

Score

10^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

17b739e3023ebe3b9a31e1d8e437ce2e_JaffaCakes118.exe

Resource

win7-20240508-en

persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

17b739e3023ebe3b9a31e1d8e437ce2e_JaffaCakes118.exe

Resource

win10v2004-20240508-en

persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://chaliang.115ku.cn/8348/yahooo.htm%22,0%29%28window.close%29

Targets

- Target
  
  17b739e3023ebe3b9a31e1d8e437ce2e_JaffaCakes118
- Size
  
  43KB
- MD5
  
  17b739e3023ebe3b9a31e1d8e437ce2e
- SHA1
  
  0544351944103cd293586513939ae87447318011
- SHA256
  
  862c3744f321557142a17753624cf29762861e9ec65cc9ceec79a1edde93dd1e
- SHA512
  
  09035361acc60636b2a58bbc0967c9565217787c3a8917e09960849ad25f19107e36efdab5727513f96e8459d91f36e5fa2476fabd3b49ac7c2657b2d07f6fe1
- SSDEEP
  
  768:edK9PrqC1lSQ1l3rc4GpOIes5efLvDDe/3Za80rgqNdAAoRhmwRh/E12:eMtGVQn3YuIZ8fTDD6YVrgkdAAoR7b/3
Score

10^/10

persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy