b68b5627d4140641fbc69554c74365a83a3556bf1dc4650c35865a701276ead5 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

6863a88b97...18.exe

windows7-x64

7

6863a88b97...18.exe

windows10-2004-x64

8

Sharing

General

Target

6863a88b9753b6c0741f94d0a61a9078_JaffaCakes118
Size

148KB
Sample

240723-t9sepazbrl
MD5

6863a88b9753b6c0741f94d0a61a9078
SHA1

de64424880919984259418b598f414598e874a27
SHA256

b68b5627d4140641fbc69554c74365a83a3556bf1dc4650c35865a701276ead5
SHA512

5e9cfe21d1ee442024e0f47a49dccc2414ea804be75ceb8fa4ceefddac7fb3b01774bbf5676682a5735684c050cf1de3d75dee9a33d2f507b8dcd867d6b61af6
SSDEEP

3072:wDh380BMyJ1sizw4LiFjv7rveixfuHgmT0LeahNcnmhCGg:V0bPzw4Wjv7TzAHRZahNymY

Score

8^/10

adware discovery persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6863a88b9753b6c0741f94d0a61a9078_JaffaCakes118.exe

Resource

win7-20240704-en

adware discovery stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6863a88b9753b6c0741f94d0a61a9078_JaffaCakes118.exe

Resource

win10v2004-20240709-en

adware discovery persistence stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  6863a88b9753b6c0741f94d0a61a9078_JaffaCakes118
- Size
  
  148KB
- MD5
  
  6863a88b9753b6c0741f94d0a61a9078
- SHA1
  
  de64424880919984259418b598f414598e874a27
- SHA256
  
  b68b5627d4140641fbc69554c74365a83a3556bf1dc4650c35865a701276ead5
- SHA512
  
  5e9cfe21d1ee442024e0f47a49dccc2414ea804be75ceb8fa4ceefddac7fb3b01774bbf5676682a5735684c050cf1de3d75dee9a33d2f507b8dcd867d6b61af6
- SSDEEP
  
  3072:wDh380BMyJ1sizw4LiFjv7rveixfuHgmT0LeahNcnmhCGg:V0bPzw4Wjv7TzAHRZahNymY
Score

8^/10

adware discovery stealer upx persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealerupx

behavioral2

adwarediscoverypersistencestealerupx

© 2018-2025

Terms | Privacy