68c559322f23f9e53a60612894bbde63522bc4767c3f0091c0dc376630d77a9b | Triage

Submit
Reports

Overview

overview

Static

static

7

15ce36876e...18.exe

windows7-x64

15ce36876e...18.exe

windows10-2004-x64

Sharing

General

Target

15ce36876e89037342a27711e0fe1edf_JaffaCakes118
Size

5.6MB
Sample

240627-nfenvaycmd
MD5

15ce36876e89037342a27711e0fe1edf
SHA1

056cdb7ed62775a602af4c47fae4fec470babf82
SHA256

68c559322f23f9e53a60612894bbde63522bc4767c3f0091c0dc376630d77a9b
SHA512

3f2523b3c77537812f5636c1b5b3a93554ab92d245fbae96a60b23d6691f360ac4348ab7b3d5acc4158dacbc45b62100d97f7cb922e0e32c2d726fb9e91575c8
SSDEEP

98304:i0qh0r0q2wf02GzMwDws0q40q0qC0FwwRZHwNwYwx0qJ0nwQ0Z0q/Npww2ewl0qG:i7effIPEsy58doQaTxLhQyZbIly38doz

Score

10^/10

adware persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

15ce36876e89037342a27711e0fe1edf_JaffaCakes118.exe

Resource

win7-20240220-en

adware persistence stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

15ce36876e89037342a27711e0fe1edf_JaffaCakes118.exe

Resource

win10v2004-20240611-en

adware persistence stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  15ce36876e89037342a27711e0fe1edf_JaffaCakes118
- Size
  
  5.6MB
- MD5
  
  15ce36876e89037342a27711e0fe1edf
- SHA1
  
  056cdb7ed62775a602af4c47fae4fec470babf82
- SHA256
  
  68c559322f23f9e53a60612894bbde63522bc4767c3f0091c0dc376630d77a9b
- SHA512
  
  3f2523b3c77537812f5636c1b5b3a93554ab92d245fbae96a60b23d6691f360ac4348ab7b3d5acc4158dacbc45b62100d97f7cb922e0e32c2d726fb9e91575c8
- SSDEEP
  
  98304:i0qh0r0q2wf02GzMwDws0q40q0qC0FwwRZHwNwYwx0qJ0nwQ0Z0q/Npww2ewl0qG:i7effIPEsy58doQaTxLhQyZbIly38doz
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2025

Terms | Privacy