e184ddb99ea689aa34f6374c51b77e5bed16ef0ddf558e5ea0ff46b439fbf6cd | Triage

Submit
Reports

Overview

overview

9

Static

static

7

3971a17dfe...18.exe

windows7-x64

9

3971a17dfe...18.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

3971a17dfe31449440d7f974e353fc55_JaffaCakes118
Size

3.5MB
Sample

240711-rfb5hazarl
MD5

3971a17dfe31449440d7f974e353fc55
SHA1

3b471ff12b6bf746624ff47169b2e63481f22be7
SHA256

e184ddb99ea689aa34f6374c51b77e5bed16ef0ddf558e5ea0ff46b439fbf6cd
SHA512

f0dc3b56346a9608999f7c4daa949861eb7c9a104d4fcf2a33ded5320e239c86679b5d4435f13500bfdbb3de4d06c7ed91d49bd21d966bf88d1fa914107bbe79
SSDEEP

98304:BPsll0cd2I2kgozrQG1pGpl6u+dY1hfhRGeJTk:BPsbdCgz5zol63dyhO2Tk

Score

9^/10

defense_evasion evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3971a17dfe31449440d7f974e353fc55_JaffaCakes118.exe

Resource

win7-20240704-en

defense_evasion evasion persistence upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

3971a17dfe31449440d7f974e353fc55_JaffaCakes118.exe

Resource

win10v2004-20240709-en

defense_evasion evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3971a17dfe31449440d7f974e353fc55_JaffaCakes118
- Size
  
  3.5MB
- MD5
  
  3971a17dfe31449440d7f974e353fc55
- SHA1
  
  3b471ff12b6bf746624ff47169b2e63481f22be7
- SHA256
  
  e184ddb99ea689aa34f6374c51b77e5bed16ef0ddf558e5ea0ff46b439fbf6cd
- SHA512
  
  f0dc3b56346a9608999f7c4daa949861eb7c9a104d4fcf2a33ded5320e239c86679b5d4435f13500bfdbb3de4d06c7ed91d49bd21d966bf88d1fa914107bbe79
- SSDEEP
  
  98304:BPsll0cd2I2kgozrQG1pGpl6u+dY1hfhRGeJTk:BPsbdCgz5zol63dyhO2Tk
Score

9^/10

defense_evasion evasion persistence upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Disables RegEdit via registry modification
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionevasionpersistenceupx

behavioral2

defense_evasionevasionpersistenceupx

© 2018-2025

Terms | Privacy