0c2232d55d4275e9368adb11ef629d110d58e612e5e9fbe7e3775bae6101c02a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

27a30ef763...18.exe

windows7-x64

27a30ef763...18.exe

windows10-2004-x64

Sharing

General

Target

27a30ef763d0223d316e07bb34d5fcbe_JaffaCakes118
Size

128KB
Sample

240706-hqmjjszbqm
MD5

27a30ef763d0223d316e07bb34d5fcbe
SHA1

7e14319b52b9adc1cb465f8666a6fbcbf3efbe4c
SHA256

0c2232d55d4275e9368adb11ef629d110d58e612e5e9fbe7e3775bae6101c02a
SHA512

8ab4a671bf123cee8b2cd20122c645b6646d9a41e1342b77f3bbf9eb5d82ee34853241cbc7d3b3cc5b43fe92f2abc488a9f1535f9b3e4fee7df5cba79c792e72
SSDEEP

3072:IWQZSVrKlcfMCzdE7agNAz7K6Ddy8diw+ZiaAFE/PHIE3/3:IJuM46a4IfDdyj/WC/PI4

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

27a30ef763d0223d316e07bb34d5fcbe_JaffaCakes118.exe

Resource

win7-20240704-en

evasion persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

27a30ef763d0223d316e07bb34d5fcbe_JaffaCakes118.exe

Resource

win10v2004-20240704-en

evasion persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  27a30ef763d0223d316e07bb34d5fcbe_JaffaCakes118
- Size
  
  128KB
- MD5
  
  27a30ef763d0223d316e07bb34d5fcbe
- SHA1
  
  7e14319b52b9adc1cb465f8666a6fbcbf3efbe4c
- SHA256
  
  0c2232d55d4275e9368adb11ef629d110d58e612e5e9fbe7e3775bae6101c02a
- SHA512
  
  8ab4a671bf123cee8b2cd20122c645b6646d9a41e1342b77f3bbf9eb5d82ee34853241cbc7d3b3cc5b43fe92f2abc488a9f1535f9b3e4fee7df5cba79c792e72
- SSDEEP
  
  3072:IWQZSVrKlcfMCzdE7agNAz7K6Ddy8diw+ZiaAFE/PHIE3/3:IJuM46a4IfDdyj/WC/PI4
Score

10^/10

evasion persistence upx
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy