3305ace4b88f14bec787c580c5c5646b498f2e0afc756990828c3689bd9a4db7 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

445f84bb85...18.exe

windows7-x64

8

445f84bb85...18.exe

windows10-2004-x64

8

Sharing

General

Target

445f84bb85b3adb0b10ddbf19dca8722_JaffaCakes118
Size

13KB
Sample

240714-ff18vazcjc
MD5

445f84bb85b3adb0b10ddbf19dca8722
SHA1

c4a4c9c753d5f20ce763e7878bc1b069a4c51330
SHA256

3305ace4b88f14bec787c580c5c5646b498f2e0afc756990828c3689bd9a4db7
SHA512

eedb0a4fdeb9a3618c9da18944e2bce44f774f77f4a1bfa44c97626d8421323877c4493c90a20f9cdd095d6434aff47ec43badd46d8e2e1045035149e923aa9e
SSDEEP

192:kg3H6KuyrY3VvkLJDqTIOL1NGrWqyviL9TWIGyooMhN2Up8Ts7oU4xDng8X/:968wTImNGiLORWIG3428TdHNv

Score

8^/10

persistence privilege_escalation upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

445f84bb85b3adb0b10ddbf19dca8722_JaffaCakes118.exe

Resource

win7-20240704-en

persistence privilege_escalation upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

445f84bb85b3adb0b10ddbf19dca8722_JaffaCakes118.exe

Resource

win10v2004-20240709-en

persistence privilege_escalation upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  445f84bb85b3adb0b10ddbf19dca8722_JaffaCakes118
- Size
  
  13KB
- MD5
  
  445f84bb85b3adb0b10ddbf19dca8722
- SHA1
  
  c4a4c9c753d5f20ce763e7878bc1b069a4c51330
- SHA256
  
  3305ace4b88f14bec787c580c5c5646b498f2e0afc756990828c3689bd9a4db7
- SHA512
  
  eedb0a4fdeb9a3618c9da18944e2bce44f774f77f4a1bfa44c97626d8421323877c4493c90a20f9cdd095d6434aff47ec43badd46d8e2e1045035149e923aa9e
- SSDEEP
  
  192:kg3H6KuyrY3VvkLJDqTIOL1NGrWqyviL9TWIGyooMhN2Up8Ts7oU4xDng8X/:968wTImNGiLORWIG3428TdHNv
Score

8^/10

persistence privilege_escalation upx
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalationupx

behavioral2

persistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy