8acd1a17583964daef8c49d20f2c970576241810cd3c91dbd8d24efe77cc1b50 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8535fc494a...18.exe

windows7-x64

7

8535fc494a...18.exe

windows10-2004-x64

7

Sharing

General

Target

8535fc494a078ec7b975908dd91a04e0_JaffaCakes118
Size

982KB
Sample

240810-hw5x3szflk
MD5

8535fc494a078ec7b975908dd91a04e0
SHA1

8546009f7f1466e4f7eb1cac4fe246af2963b1d5
SHA256

8acd1a17583964daef8c49d20f2c970576241810cd3c91dbd8d24efe77cc1b50
SHA512

558f029c9a99385e9ceffc9450619d0c0f3eb8be02e3ccde275fa5dedb2b8c98aff5a235435ae1a7552ff76ab5ac0fd40fae0467659d1c66f916eb17321a6af7
SSDEEP

24576:QFszWS5unaLSnYTwGJ+xCXdgVtgzEwe2Xp+8YKdxGHzcDJ:QxaOYTwM+ct2PKdqADJ

Score

7^/10

discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8535fc494a078ec7b975908dd91a04e0_JaffaCakes118.exe

Resource

win7-20240708-en

discovery persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

8535fc494a078ec7b975908dd91a04e0_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  8535fc494a078ec7b975908dd91a04e0_JaffaCakes118
- Size
  
  982KB
- MD5
  
  8535fc494a078ec7b975908dd91a04e0
- SHA1
  
  8546009f7f1466e4f7eb1cac4fe246af2963b1d5
- SHA256
  
  8acd1a17583964daef8c49d20f2c970576241810cd3c91dbd8d24efe77cc1b50
- SHA512
  
  558f029c9a99385e9ceffc9450619d0c0f3eb8be02e3ccde275fa5dedb2b8c98aff5a235435ae1a7552ff76ab5ac0fd40fae0467659d1c66f916eb17321a6af7
- SSDEEP
  
  24576:QFszWS5unaLSnYTwGJ+xCXdgVtgzEwe2Xp+8YKdxGHzcDJ:QxaOYTwM+ct2PKdqADJ
Score

7^/10

discovery persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx

© 2018-2025

Terms | Privacy