1221a0330e4b3e2b3b140bf903e82cd2558f6d6e44403cc1d42a322a3f08487a | Triage

Submit
Reports

Overview

overview

8

Static

static

7

5d6ff1baea...18.exe

windows7-x64

8

5d6ff1baea...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5d6ff1baea71e17c6865b177298e8265_JaffaCakes118
Size

407KB
Sample

240719-yl534azhrb
MD5

5d6ff1baea71e17c6865b177298e8265
SHA1

0326f6851f0b8e0abd016e2ba3f81006c0169845
SHA256

1221a0330e4b3e2b3b140bf903e82cd2558f6d6e44403cc1d42a322a3f08487a
SHA512

d3914308d0b51ad94a704ffa9198a62a284a4526f6af2f3065479fbc68c497c9c440a1636e35bacd66f6f73cb06bc27fb92a47d06f34fd3fffa88d123c364902
SSDEEP

12288:4eMpPonkZ6gUPXtmnO0lmH1a11Ukso6DtY0Iqjvg+:/Sok9omnjlw8PcYNMvX

Score

8^/10

persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5d6ff1baea71e17c6865b177298e8265_JaffaCakes118.exe

Resource

win7-20240704-en

persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d6ff1baea71e17c6865b177298e8265_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  5d6ff1baea71e17c6865b177298e8265_JaffaCakes118
- Size
  
  407KB
- MD5
  
  5d6ff1baea71e17c6865b177298e8265
- SHA1
  
  0326f6851f0b8e0abd016e2ba3f81006c0169845
- SHA256
  
  1221a0330e4b3e2b3b140bf903e82cd2558f6d6e44403cc1d42a322a3f08487a
- SHA512
  
  d3914308d0b51ad94a704ffa9198a62a284a4526f6af2f3065479fbc68c497c9c440a1636e35bacd66f6f73cb06bc27fb92a47d06f34fd3fffa88d123c364902
- SSDEEP
  
  12288:4eMpPonkZ6gUPXtmnO0lmH1a11Ukso6DtY0Iqjvg+:/Sok9omnjlw8PcYNMvX
Score

8^/10

persistence upx
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Molebox Virtualization software
  Detects file using Molebox Virtualization software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy