844905e4d0e3face9b9eb85c0903950ebd1fb579d47a084565b474237290273f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

48574ff5d7...18.exe

windows7-x64

8

48574ff5d7...18.exe

windows10-2004-x64

1

Sharing

General

Target

48574ff5d7066a572477655c456ec893_JaffaCakes118
Size

4.6MB
Sample

240715-fqy68ssbqb
MD5

48574ff5d7066a572477655c456ec893
SHA1

df59b7d5a84f19f8672a11b75ab19d7221f81252
SHA256

844905e4d0e3face9b9eb85c0903950ebd1fb579d47a084565b474237290273f
SHA512

b01bdca51c647624397a69a0d7204d6b06681aa3ba2c778fe6349781df3142adcc542919aaa5d5fd155c902f645381ea69600b8c5c3a655a140dbc609e05e261
SSDEEP

98304:tYXiyksWjebdvQvhidC0PBtyVniz2wX9arLCpu6JrMlYp3fOUIkDK:miUWwKidC0Zt7ptxpzrMlYp7fK

Score

8^/10

evasion execution persistence privilege_escalation themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

48574ff5d7066a572477655c456ec893_JaffaCakes118.exe

Resource

win7-20240704-en

evasion execution persistence privilege_escalation themida

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

48574ff5d7066a572477655c456ec893_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  48574ff5d7066a572477655c456ec893_JaffaCakes118
- Size
  
  4.6MB
- MD5
  
  48574ff5d7066a572477655c456ec893
- SHA1
  
  df59b7d5a84f19f8672a11b75ab19d7221f81252
- SHA256
  
  844905e4d0e3face9b9eb85c0903950ebd1fb579d47a084565b474237290273f
- SHA512
  
  b01bdca51c647624397a69a0d7204d6b06681aa3ba2c778fe6349781df3142adcc542919aaa5d5fd155c902f645381ea69600b8c5c3a655a140dbc609e05e261
- SSDEEP
  
  98304:tYXiyksWjebdvQvhidC0PBtyVniz2wX9arLCpu6JrMlYp3fOUIkDK:miUWwKidC0Zt7ptxpzrMlYp7fK
Score

8^/10

evasion execution persistence privilege_escalation themida
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion execution
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistenceprivilege_escalationthemida

behavioral2

© 2018-2025

Terms | Privacy