d42f35731185544398c4527b7c60fa2bef572706f1a715a225197f95996676b0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

3215ebfa35...18.exe

windows7-x64

8

3215ebfa35...18.exe

windows10-2004-x64

8

Sharing

General

Target

3215ebfa35ddbb57a2bf5ee5a3f9c860_JaffaCakes118
Size

123KB
Sample

240709-1kr6ysxdqp
MD5

3215ebfa35ddbb57a2bf5ee5a3f9c860
SHA1

84787514e65e25fd1a73d5576223401fd716346e
SHA256

d42f35731185544398c4527b7c60fa2bef572706f1a715a225197f95996676b0
SHA512

de11d0e238cac3e49ef7e9b5c27fe44d7a8a63c9248def9c35b6db445728ded2b9803414242606d132dcdcfa6767bb465d927f47bb99b2daead77f8980dc73e4
SSDEEP

3072:NeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLsUgS:NVYrJrOSsRwcpdgS

Score

8^/10

upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3215ebfa35ddbb57a2bf5ee5a3f9c860_JaffaCakes118.exe

Resource

win7-20240705-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3215ebfa35ddbb57a2bf5ee5a3f9c860_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3215ebfa35ddbb57a2bf5ee5a3f9c860_JaffaCakes118
- Size
  
  123KB
- MD5
  
  3215ebfa35ddbb57a2bf5ee5a3f9c860
- SHA1
  
  84787514e65e25fd1a73d5576223401fd716346e
- SHA256
  
  d42f35731185544398c4527b7c60fa2bef572706f1a715a225197f95996676b0
- SHA512
  
  de11d0e238cac3e49ef7e9b5c27fe44d7a8a63c9248def9c35b6db445728ded2b9803414242606d132dcdcfa6767bb465d927f47bb99b2daead77f8980dc73e4
- SSDEEP
  
  3072:NeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLsUgS:NVYrJrOSsRwcpdgS
Score

8^/10

upx
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy