6fba4f77289d1914029f66a23f9042232ceb2d5ee22bca2c323a806034138e3e | Triage

Submit
Reports

Overview

overview

Static

static

7

3250fbd90d...18.exe

windows7-x64

3250fbd90d...18.exe

windows10-2004-x64

7

Sharing

General

Target

3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118
Size

41KB
Sample

240709-2wlc8a1bpm
MD5

3250fbd90d024c908106cbec8e9f51bc
SHA1

1778ea02760b5fc2c4215deb7ea3d04502f37345
SHA256

6fba4f77289d1914029f66a23f9042232ceb2d5ee22bca2c323a806034138e3e
SHA512

195fad238b9f0d62581afa13b8a9ff915c2f71d11f6ee7720b1dd59f75da7ece1c3101ad4a885aaca2d2c47b5e905410c169db8568f8223c95a0afc58fae67a3
SSDEEP

768:KvBgclfRsHJhSS2/TsiD9e12jECpBvU+z6Isas06E+:KE/nwTl9e12Jpu+z5ds06E

Score

10^/10

adware defense_evasion evasion persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118.exe

Resource

win7-20240704-en

adware defense_evasion evasion persistence stealer upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  3250fbd90d024c908106cbec8e9f51bc_JaffaCakes118
- Size
  
  41KB
- MD5
  
  3250fbd90d024c908106cbec8e9f51bc
- SHA1
  
  1778ea02760b5fc2c4215deb7ea3d04502f37345
- SHA256
  
  6fba4f77289d1914029f66a23f9042232ceb2d5ee22bca2c323a806034138e3e
- SHA512
  
  195fad238b9f0d62581afa13b8a9ff915c2f71d11f6ee7720b1dd59f75da7ece1c3101ad4a885aaca2d2c47b5e905410c169db8568f8223c95a0afc58fae67a3
- SSDEEP
  
  768:KvBgclfRsHJhSS2/TsiD9e12jECpBvU+z6Isas06E+:KE/nwTl9e12Jpu+z5ds06E
Score

10^/10

adware defense_evasion evasion persistence stealer upx
- Modifies firewall policy service
  evasion
- Blocklisted process makes network request
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwaredefense_evasionevasionpersistencestealerupx

behavioral2

© 2018-2025

Terms | Privacy