b092c0173e46fe385eb002a0faf1bfb6432194ded5de8d3ca99ff9ec19fbca8a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

66b9ae16c0...18.exe

windows7-x64

66b9ae16c0...18.exe

windows10-2004-x64

Sharing

General

Target

66b9ae16c073bbb3ab2389e72318cf1b_JaffaCakes118
Size

68KB
Sample

240723-jplraswcnm
MD5

66b9ae16c073bbb3ab2389e72318cf1b
SHA1

e50ceab851ed8a4a4bcaaa0f3a53cedcd8bc8485
SHA256

b092c0173e46fe385eb002a0faf1bfb6432194ded5de8d3ca99ff9ec19fbca8a
SHA512

cb9344e01e782000314689dbcee5dbd55da0ee70e274590831101f4ce4a7498f36d23dfe4be0b50eb7f09d64e9d7a3aba3c105596830dda917c82cf1938431af
SSDEEP

768:PTxrUL23qmT5o7B51+6TS+MoRoOUf5cx8zf6t/5HNk3AEoOvx1Q3i5nR09QzTGfc:15oln+NoRoOUfGft/fAAEoObwQ0g

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

66b9ae16c073bbb3ab2389e72318cf1b_JaffaCakes118.exe

Resource

win7-20240708-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

66b9ae16c073bbb3ab2389e72318cf1b_JaffaCakes118.exe

Resource

win10v2004-20240709-en

evasion persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  66b9ae16c073bbb3ab2389e72318cf1b_JaffaCakes118
- Size
  
  68KB
- MD5
  
  66b9ae16c073bbb3ab2389e72318cf1b
- SHA1
  
  e50ceab851ed8a4a4bcaaa0f3a53cedcd8bc8485
- SHA256
  
  b092c0173e46fe385eb002a0faf1bfb6432194ded5de8d3ca99ff9ec19fbca8a
- SHA512
  
  cb9344e01e782000314689dbcee5dbd55da0ee70e274590831101f4ce4a7498f36d23dfe4be0b50eb7f09d64e9d7a3aba3c105596830dda917c82cf1938431af
- SSDEEP
  
  768:PTxrUL23qmT5o7B51+6TS+MoRoOUf5cx8zf6t/5HNk3AEoOvx1Q3i5nR09QzTGfc:15oln+NoRoOUfGft/fAAEoObwQ0g
Score

10^/10

evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Change Default File Association

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy