966aca0c911a114a970bd05a207a6421b463315c0916f6a5b87141c4c7252084 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6319fba403...18.exe

windows7-x64

7

6319fba403...18.exe

windows10-2004-x64

7

Sharing

General

Target

6319fba403cf5d1554fa4f344c2af221_JaffaCakes118
Size

1.8MB
Sample

240722-nwr9wawbkg
MD5

6319fba403cf5d1554fa4f344c2af221
SHA1

da5b2d0c75b6e4010d03b467a513203b854972dd
SHA256

966aca0c911a114a970bd05a207a6421b463315c0916f6a5b87141c4c7252084
SHA512

9cf13647dcb9b7200e87fbffb0a130f65abb768a62f336465c157834eab54a5e906882b6f2e53c01859c6c7c35873e0e135cc2f55da18e585b788d39a1c8096f
SSDEEP

49152:SGeqHcpUcmELGROOG4Adl2Dbs7Q5I8RZvI2C+:DexpUFMGQOGZn2yKBRF

Score

7^/10

persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6319fba403cf5d1554fa4f344c2af221_JaffaCakes118.exe

Resource

win7-20240704-en

persistence spyware stealer upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6319fba403cf5d1554fa4f344c2af221_JaffaCakes118.exe

Resource

win10v2004-20240709-en

persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  6319fba403cf5d1554fa4f344c2af221_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  6319fba403cf5d1554fa4f344c2af221
- SHA1
  
  da5b2d0c75b6e4010d03b467a513203b854972dd
- SHA256
  
  966aca0c911a114a970bd05a207a6421b463315c0916f6a5b87141c4c7252084
- SHA512
  
  9cf13647dcb9b7200e87fbffb0a130f65abb768a62f336465c157834eab54a5e906882b6f2e53c01859c6c7c35873e0e135cc2f55da18e585b788d39a1c8096f
- SSDEEP
  
  49152:SGeqHcpUcmELGROOG4Adl2Dbs7Q5I8RZvI2C+:DexpUFMGQOGZn2yKBRF
Score

7^/10

persistence spyware stealer upx
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

persistencespywarestealerupx

© 2018-2025

Terms | Privacy