bceb901a7c5b5e9ddbf2d74a5da4cbcf73c44c2d4bde6749cee8c4d53f38e775 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3705cc2935...18.exe

windows7-x64

7

3705cc2935...18.exe

windows10-2004-x64

7

Sharing

General

Target

3705cc2935a43d140d20f1d8ec41a9bb_JaffaCakes118
Size

186KB
Sample

240711-atts2a1dne
MD5

3705cc2935a43d140d20f1d8ec41a9bb
SHA1

1b1a4088266bbf840ee363dead9524c883757998
SHA256

bceb901a7c5b5e9ddbf2d74a5da4cbcf73c44c2d4bde6749cee8c4d53f38e775
SHA512

13e5bd039ea0a54d2719f496acbf177f524c82236f5b42b4cc1d7adb0166d577274f59250637485082a2d623298dfa7a83b930307b2f72392b8a9189e007535f
SSDEEP

3072:0n6vBEEvERgS1z1/rUP44bqPvtiFEoZkz8sCPUqHVQ1OWHkRqi/3HuNGRFIcqEI1:csrWm44WPKEL8sC8qHq1OWHi/39RCcbS

Score

7^/10

persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3705cc2935a43d140d20f1d8ec41a9bb_JaffaCakes118.exe

Resource

win7-20240704-en

persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

3705cc2935a43d140d20f1d8ec41a9bb_JaffaCakes118.exe

Resource

win10v2004-20240709-en

persistence upx

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  3705cc2935a43d140d20f1d8ec41a9bb_JaffaCakes118
- Size
  
  186KB
- MD5
  
  3705cc2935a43d140d20f1d8ec41a9bb
- SHA1
  
  1b1a4088266bbf840ee363dead9524c883757998
- SHA256
  
  bceb901a7c5b5e9ddbf2d74a5da4cbcf73c44c2d4bde6749cee8c4d53f38e775
- SHA512
  
  13e5bd039ea0a54d2719f496acbf177f524c82236f5b42b4cc1d7adb0166d577274f59250637485082a2d623298dfa7a83b930307b2f72392b8a9189e007535f
- SSDEEP
  
  3072:0n6vBEEvERgS1z1/rUP44bqPvtiFEoZkz8sCPUqHVQ1OWHkRqi/3HuNGRFIcqEI1:csrWm44WPKEL8sC8qHq1OWHi/39RCcbS
Score

7^/10

persistence spyware stealer upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy