40e7148d075f5b528df9b7d60ccd54169faeec3ca41e519bebbe8da813e3b8c1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

1c8575d5be...18.exe

windows7-x64

8

1c8575d5be...18.exe

windows10-2004-x64

8

Sharing

General

Target

1c8575d5be57704d35f150dc101e5eca_JaffaCakes118
Size

250KB
Sample

240701-z3xnqatfnp
MD5

1c8575d5be57704d35f150dc101e5eca
SHA1

1eb97ec2d13018f35a91a5d30ef1faf703e195e7
SHA256

40e7148d075f5b528df9b7d60ccd54169faeec3ca41e519bebbe8da813e3b8c1
SHA512

69ffcd817b32c6744ef4ce3839945e2a90d67259bdbf568aa674112a96913d37bff47383b8fcedf0c07edda889c071378b050fd3cada2d4a6dd1b8d90a0d9e54
SSDEEP

6144:yhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:PeKrJJuf86AYcwoaoSbr

Score

8^/10

execution persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1c8575d5be57704d35f150dc101e5eca_JaffaCakes118.exe

Resource

win7-20240221-en

execution persistence upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c8575d5be57704d35f150dc101e5eca_JaffaCakes118.exe

Resource

win10v2004-20240611-en

execution persistence upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c8575d5be57704d35f150dc101e5eca_JaffaCakes118
- Size
  
  250KB
- MD5
  
  1c8575d5be57704d35f150dc101e5eca
- SHA1
  
  1eb97ec2d13018f35a91a5d30ef1faf703e195e7
- SHA256
  
  40e7148d075f5b528df9b7d60ccd54169faeec3ca41e519bebbe8da813e3b8c1
- SHA512
  
  69ffcd817b32c6744ef4ce3839945e2a90d67259bdbf568aa674112a96913d37bff47383b8fcedf0c07edda889c071378b050fd3cada2d4a6dd1b8d90a0d9e54
- SSDEEP
  
  6144:yhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:PeKrJJuf86AYcwoaoSbr
Score

8^/10

execution persistence upx
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistenceupx

behavioral2

executionpersistenceupx

© 2018-2025

Terms | Privacy