b341f43b5b157c9719d839b3e768c921338443bf7e2e1b835f1f3a4be3efa416 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

2ccc661089...18.exe

windows7-x64

2ccc661089...18.exe

windows10-2004-x64

Sharing

General

Target

2ccc661089b5ed1583e7837fcf701aaf_JaffaCakes118
Size

1.5MB
Sample

240708-sjk29axdkc
MD5

2ccc661089b5ed1583e7837fcf701aaf
SHA1

06b46194964cd43f12c9b7f15bb2f425d93b3c3b
SHA256

b341f43b5b157c9719d839b3e768c921338443bf7e2e1b835f1f3a4be3efa416
SHA512

2965fc9927f607afe9d2f460220c2621e1c6c4babeb96b5b9cd120e1964805eb9ef8f01177c73ab344084f66baa3c2fb2190ff3aba514498c436fd44b7592135
SSDEEP

24576:3uhaperQZb+md4wmaerQZb+md4wmieZJ8NI8/ETKwNJqsaS2ROv:YYerQZbd2+erQZbd2f8/ETNflqROv

Score

10^/10

evasion execution persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2ccc661089b5ed1583e7837fcf701aaf_JaffaCakes118.exe

Resource

win7-20240705-en

evasion execution persistence upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ccc661089b5ed1583e7837fcf701aaf_JaffaCakes118.exe

Resource

win10v2004-20240708-en

evasion execution persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ccc661089b5ed1583e7837fcf701aaf_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  2ccc661089b5ed1583e7837fcf701aaf
- SHA1
  
  06b46194964cd43f12c9b7f15bb2f425d93b3c3b
- SHA256
  
  b341f43b5b157c9719d839b3e768c921338443bf7e2e1b835f1f3a4be3efa416
- SHA512
  
  2965fc9927f607afe9d2f460220c2621e1c6c4babeb96b5b9cd120e1964805eb9ef8f01177c73ab344084f66baa3c2fb2190ff3aba514498c436fd44b7592135
- SSDEEP
  
  24576:3uhaperQZb+md4wmaerQZb+md4wmieZJ8NI8/ETKwNJqsaS2ROv:YYerQZbd2+erQZbd2f8/ETNflqROv
Score

10^/10

evasion execution persistence upx
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistenceupx

behavioral2

evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy