be92682a435ad66b1ca051475cbc80798296ea3ad042c41585f028b050825e0a | Triage

Submit
Reports

Overview

overview

Static

static

7

3fd1f524eb...18.exe

windows7-x64

3fd1f524eb...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3fd1f524eb44f235052756f110a7d0ba_JaffaCakes118
Size

410KB
Sample

240713-cv6kbstgja
MD5

3fd1f524eb44f235052756f110a7d0ba
SHA1

184a1057536da4fc7af2918d72b683073d233543
SHA256

be92682a435ad66b1ca051475cbc80798296ea3ad042c41585f028b050825e0a
SHA512

85f2297898c087b4ecb3b9427118b62cbb21291f9ae5701507dd561d15a6f5addfe33220f2425be58796ef731c17a7849099c9a0412545394175ecd3536e42b9
SSDEEP

12288:SnNhuBoY8SorxgmA+nlvVlua2WMCZcMF1FR4U:SPatCg7EPAfecFU

Score

10^/10

evasion persistence upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3fd1f524eb44f235052756f110a7d0ba_JaffaCakes118.exe

Resource

win7-20240708-en

evasion persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3fd1f524eb44f235052756f110a7d0ba_JaffaCakes118.exe

Resource

win10v2004-20240709-en

evasion persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  3fd1f524eb44f235052756f110a7d0ba_JaffaCakes118
- Size
  
  410KB
- MD5
  
  3fd1f524eb44f235052756f110a7d0ba
- SHA1
  
  184a1057536da4fc7af2918d72b683073d233543
- SHA256
  
  be92682a435ad66b1ca051475cbc80798296ea3ad042c41585f028b050825e0a
- SHA512
  
  85f2297898c087b4ecb3b9427118b62cbb21291f9ae5701507dd561d15a6f5addfe33220f2425be58796ef731c17a7849099c9a0412545394175ecd3536e42b9
- SSDEEP
  
  12288:SnNhuBoY8SorxgmA+nlvVlua2WMCZcMF1FR4U:SPatCg7EPAfecFU
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy