c86a15b62e6a93aa128eb493aa5d12e4ed52b43353940d2e82c9857c72867ade | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

949882a819...18.exe

windows7-x64

8

949882a819...18.exe

windows10-2004-x64

8

Sharing

General

Target

949882a8195c64899c177325331e922c_JaffaCakes118
Size

58KB
Sample

240813-y5l5bsthqd
MD5

949882a8195c64899c177325331e922c
SHA1

ca63216e933ce75ec4cf7db3d10044a1b4c9ce3f
SHA256

c86a15b62e6a93aa128eb493aa5d12e4ed52b43353940d2e82c9857c72867ade
SHA512

36dd57a6d31bc4e6a1f6645329f3cbb39cce2560fc6391dd32d4e59d4697d04b688a0461585ce5869540dfae0347e462871e678300b11bbc22e77edf979f3940
SSDEEP

1536:Dnf/8mMyNXGWaAh/PqRDqC6FZnd+ZWNNO+1ijQU:D3X/ZRJhnE6FWMO+ij

Score

8^/10

defense_evasion discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

949882a8195c64899c177325331e922c_JaffaCakes118.exe

Resource

win7-20240704-en

defense_evasion discovery persistence upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

949882a8195c64899c177325331e922c_JaffaCakes118.exe

Resource

win10v2004-20240802-en

defense_evasion discovery persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  949882a8195c64899c177325331e922c_JaffaCakes118
- Size
  
  58KB
- MD5
  
  949882a8195c64899c177325331e922c
- SHA1
  
  ca63216e933ce75ec4cf7db3d10044a1b4c9ce3f
- SHA256
  
  c86a15b62e6a93aa128eb493aa5d12e4ed52b43353940d2e82c9857c72867ade
- SHA512
  
  36dd57a6d31bc4e6a1f6645329f3cbb39cce2560fc6391dd32d4e59d4697d04b688a0461585ce5869540dfae0347e462871e678300b11bbc22e77edf979f3940
- SSDEEP
  
  1536:Dnf/8mMyNXGWaAh/PqRDqC6FZnd+ZWNNO+1ijQU:D3X/ZRJhnE6FWMO+ij
Score

8^/10

defense_evasion discovery persistence upx
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Indicator Removal

Clear Persistence

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceupx

behavioral2

defense_evasiondiscoverypersistenceupx

© 2018-2025

Terms | Privacy