a4401d5920e077896b539c3c3eedb23bdcf9b89de528097cbe9a3c34af3552f5 | Triage

Submit
Reports

Overview

overview

Static

static

7

6f637e6bb8...18.exe

windows7-x64

6f637e6bb8...18.exe

windows10-2004-x64

Sharing

General

Target

6f637e6bb8c8575444af31bd6fdc7d90_JaffaCakes118
Size

132KB
Sample

240725-nmay8swepn
MD5

6f637e6bb8c8575444af31bd6fdc7d90
SHA1

4b42452f6b1fab471d49e69d24f5a472db25d47d
SHA256

a4401d5920e077896b539c3c3eedb23bdcf9b89de528097cbe9a3c34af3552f5
SHA512

03289a97e4b8fc75b204555587afeebff6598806244eb99d564435becd28f3a053fade0b9438ff8906e090ae04edfe4d568c73cc97c3a0c072a738fbcca88734
SSDEEP

3072:qSyD3aBzVf+v3ukxBhVYsP28q/D9d+t22hh9FXj3xZb4:oDapYXDh2Oq/GZ5bv4

Score

10^/10

discovery evasion persistence privilege_escalation upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6f637e6bb8c8575444af31bd6fdc7d90_JaffaCakes118.exe

Resource

win7-20240708-en

discovery evasion persistence privilege_escalation upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6f637e6bb8c8575444af31bd6fdc7d90_JaffaCakes118.exe

Resource

win10v2004-20240709-en

discovery evasion persistence privilege_escalation upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6f637e6bb8c8575444af31bd6fdc7d90_JaffaCakes118
- Size
  
  132KB
- MD5
  
  6f637e6bb8c8575444af31bd6fdc7d90
- SHA1
  
  4b42452f6b1fab471d49e69d24f5a472db25d47d
- SHA256
  
  a4401d5920e077896b539c3c3eedb23bdcf9b89de528097cbe9a3c34af3552f5
- SHA512
  
  03289a97e4b8fc75b204555587afeebff6598806244eb99d564435becd28f3a053fade0b9438ff8906e090ae04edfe4d568c73cc97c3a0c072a738fbcca88734
- SSDEEP
  
  3072:qSyD3aBzVf+v3ukxBhVYsP28q/D9d+t22hh9FXj3xZb4:oDapYXDh2Oq/GZ5bv4
Score

10^/10

discovery evasion persistence privilege_escalation upx
- Modifies firewall policy service
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationupx

behavioral2

discoveryevasionpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy