13eeac587c8a32a64847568f99a60012534647fe9540cc0b540df4e113dcf0f2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

2aa795e7dc...18.dll

windows7-x64

8

2aa795e7dc...18.dll

windows10-2004-x64

8

Sharing

General

Target

2aa795e7dcf3bd2b601a890711c892f4_JaffaCakes118
Size

60KB
Sample

240708-ct9klaxhnn
MD5

2aa795e7dcf3bd2b601a890711c892f4
SHA1

305a0fb64296f3c27d4af02803312b3aff9afc24
SHA256

13eeac587c8a32a64847568f99a60012534647fe9540cc0b540df4e113dcf0f2
SHA512

3247e7a64684f215488e083436c446e0450ad61925fbca291ef54eee47958db86058c06cf900b561da9a8fb7ff2f1071675d26d3dfb1a91615cbaf4bdb206a3b
SSDEEP

1536:CJiYU3BtpCdtWMrd4IJfzc5TOtnVxhxMU:CJil3BHCdtWxSLMTOtVxgU

Score

8^/10

persistence privilege_escalation vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2aa795e7dcf3bd2b601a890711c892f4_JaffaCakes118.dll

Resource

win7-20240220-en

persistence privilege_escalation vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2aa795e7dcf3bd2b601a890711c892f4_JaffaCakes118.dll

Resource

win10v2004-20240704-en

persistence privilege_escalation vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2aa795e7dcf3bd2b601a890711c892f4_JaffaCakes118
- Size
  
  60KB
- MD5
  
  2aa795e7dcf3bd2b601a890711c892f4
- SHA1
  
  305a0fb64296f3c27d4af02803312b3aff9afc24
- SHA256
  
  13eeac587c8a32a64847568f99a60012534647fe9540cc0b540df4e113dcf0f2
- SHA512
  
  3247e7a64684f215488e083436c446e0450ad61925fbca291ef54eee47958db86058c06cf900b561da9a8fb7ff2f1071675d26d3dfb1a91615cbaf4bdb206a3b
- SSDEEP
  
  1536:CJiYU3BtpCdtWMrd4IJfzc5TOtnVxhxMU:CJil3BHCdtWxSLMTOtVxgU
Score

8^/10

persistence privilege_escalation vmprotect
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalationvmprotect

behavioral2

persistenceprivilege_escalationvmprotect

© 2018-2025

Terms | Privacy