f3763ecfc43bf030eea7428843bcd6a2767c65884b3ca8f44097441ce0d8d8df | Triage

Submit
Reports

Overview

overview

8

Static

static

7

81c715ac91...18.exe

windows7-x64

8

81c715ac91...18.exe

windows10-2004-x64

8

Sharing

General

Target

81c715ac916b7a3dc2de6e37bfd7542a_JaffaCakes118
Size

123KB
Sample

240801-z9mr4a1cjh
MD5

81c715ac916b7a3dc2de6e37bfd7542a
SHA1

65e77e69ae94b92c32740002c6b8f69aa314e838
SHA256

f3763ecfc43bf030eea7428843bcd6a2767c65884b3ca8f44097441ce0d8d8df
SHA512

056b934e3020ccb6087be8d6ffaccd4e530b70a39e17d3256b2fcbcb5368ab65ff6e93452b6ed605ef932a4fb08a6743877bc6671ed424db55417c65fad8c108
SSDEEP

3072:ueSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLAjmZd:uVYrJrOSsRwcpSa

Score

8^/10

discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

81c715ac916b7a3dc2de6e37bfd7542a_JaffaCakes118.exe

Resource

win7-20240708-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

81c715ac916b7a3dc2de6e37bfd7542a_JaffaCakes118.exe

Resource

win10v2004-20240730-en

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  81c715ac916b7a3dc2de6e37bfd7542a_JaffaCakes118
- Size
  
  123KB
- MD5
  
  81c715ac916b7a3dc2de6e37bfd7542a
- SHA1
  
  65e77e69ae94b92c32740002c6b8f69aa314e838
- SHA256
  
  f3763ecfc43bf030eea7428843bcd6a2767c65884b3ca8f44097441ce0d8d8df
- SHA512
  
  056b934e3020ccb6087be8d6ffaccd4e530b70a39e17d3256b2fcbcb5368ab65ff6e93452b6ed605ef932a4fb08a6743877bc6671ed424db55417c65fad8c108
- SSDEEP
  
  3072:ueSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLAjmZd:uVYrJrOSsRwcpSa
Score

8^/10

discovery upx
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy