3ef4e34138a241ab41fac742ccf74d4fcb931c00f17ead63d5eb908ba806788b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

71c029b283...18.exe

windows7-x64

9

71c029b283...18.exe

windows10-2004-x64

9

Sharing

General

Target

71c029b2837e98fb7d905aafb77e1d3b_JaffaCakes118
Size

554KB
Sample

240725-3sraqswbkg
MD5

71c029b2837e98fb7d905aafb77e1d3b
SHA1

d3bc34e884a018e284955803dca2b8bdfeb0ea2b
SHA256

3ef4e34138a241ab41fac742ccf74d4fcb931c00f17ead63d5eb908ba806788b
SHA512

6ab8781d208632ac7a9c252461a5b33549aed03b5e79ed8eea721aec452bfd544e495f2aeec4b49e7d4091eda258ccd2ee92fa8018a6e4dd1d24565aaecf3f27
SSDEEP

12288:C7mwrVCy9ztm9IELoTtAOi+Mg28m/Avaz9:olVC0ztmyEkGOi+P28moc9

Score

9^/10

discovery evasion upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

71c029b2837e98fb7d905aafb77e1d3b_JaffaCakes118.exe

Resource

win7-20240704-en

discovery evasion upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

71c029b2837e98fb7d905aafb77e1d3b_JaffaCakes118.exe

Resource

win10v2004-20240709-en

discovery evasion upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  71c029b2837e98fb7d905aafb77e1d3b_JaffaCakes118
- Size
  
  554KB
- MD5
  
  71c029b2837e98fb7d905aafb77e1d3b
- SHA1
  
  d3bc34e884a018e284955803dca2b8bdfeb0ea2b
- SHA256
  
  3ef4e34138a241ab41fac742ccf74d4fcb931c00f17ead63d5eb908ba806788b
- SHA512
  
  6ab8781d208632ac7a9c252461a5b33549aed03b5e79ed8eea721aec452bfd544e495f2aeec4b49e7d4091eda258ccd2ee92fa8018a6e4dd1d24565aaecf3f27
- SSDEEP
  
  12288:C7mwrVCy9ztm9IELoTtAOi+Mg28m/Avaz9:olVC0ztmyEkGOi+P28moc9
Score

9^/10

discovery evasion upx
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionupx

behavioral2

discoveryevasionupx

© 2018-2025

Terms | Privacy