1d3e3b5f4efa671ae7858d0c082c1cf86930293b9243eebf2ca0239e09d26344 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

444ffd2c05...18.exe

windows7-x64

444ffd2c05...18.exe

windows10-2004-x64

Sharing

General

Target

444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118
Size

340KB
Sample

240714-e4wgtsygre
MD5

444ffd2c05db0948b9e701808c4b1a4b
SHA1

d005827f5eccd133506fd52c814336dd98ba83fb
SHA256

1d3e3b5f4efa671ae7858d0c082c1cf86930293b9243eebf2ca0239e09d26344
SHA512

4a57a41e9d533077f0fbbe98a0e75aca236806b31f87f7ea3a059e5d4c8e92704b07ea8dfd41028747117224a07fe4f2f146597cb9c4924501d73f53563df080
SSDEEP

3072:GWSHWiNo/ftfQKAc94/3bXZ3Nk6Rk3+X8TKhPUrpljE2Ej5jE2Ej5jE2Ej8:GWZfec9EbXDk6RkQKjE2EBE2EBE2E4

Score

10^/10

evasion execution persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118.exe

Resource

win7-20240708-en

evasion execution persistence upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118.exe

Resource

win10v2004-20240709-en

evasion execution persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118
- Size
  
  340KB
- MD5
  
  444ffd2c05db0948b9e701808c4b1a4b
- SHA1
  
  d005827f5eccd133506fd52c814336dd98ba83fb
- SHA256
  
  1d3e3b5f4efa671ae7858d0c082c1cf86930293b9243eebf2ca0239e09d26344
- SHA512
  
  4a57a41e9d533077f0fbbe98a0e75aca236806b31f87f7ea3a059e5d4c8e92704b07ea8dfd41028747117224a07fe4f2f146597cb9c4924501d73f53563df080
- SSDEEP
  
  3072:GWSHWiNo/ftfQKAc94/3bXZ3Nk6Rk3+X8TKhPUrpljE2Ej5jE2Ej5jE2Ej8:GWZfec9EbXDk6RkQKjE2EBE2EBE2E4
Score

10^/10

evasion execution persistence upx
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistenceupx

behavioral2

evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy