338a3c8755bd5fefc34ec6adcc91ea9d6b3dee196a9f1bef95f54416133dabf2 | Triage

Submit
Reports

Overview

overview

Static

static

3

a5dbe6f546...18.exe

windows7-x64

3

a5dbe6f546...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a5dbe6f5469a33b283ec92247f605624_JaffaCakes118
Size

90KB
Sample

240818-h2g37sverk
MD5

a5dbe6f5469a33b283ec92247f605624
SHA1

254ebcc354659af4838f55a258f032f9fff123e7
SHA256

338a3c8755bd5fefc34ec6adcc91ea9d6b3dee196a9f1bef95f54416133dabf2
SHA512

fd7657d4d79dafc68d2372bd95b5c6b060bae4e906e5ba3e50a127beafaa887fdfb71fd701d013275db2fa2d578bb72c7ac6d6a2cd15749a6f33b7327991d8d0
SSDEEP

1536:+Qpy7IaDGK6FJ/fc0U3X5ItM5CSQITsEhNXf4cWmXTpD9BLsdi/o2ubNf:+z7/Db67/q3nCF8hNXwF4DLAdiN0N

Score

10^/10

adware defense_evasion discovery persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a5dbe6f5469a33b283ec92247f605624_JaffaCakes118.exe

Resource

win7-20240729-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

a5dbe6f5469a33b283ec92247f605624_JaffaCakes118.exe

Resource

win10v2004-20240802-en

adware defense_evasion discovery persistence stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  a5dbe6f5469a33b283ec92247f605624_JaffaCakes118
- Size
  
  90KB
- MD5
  
  a5dbe6f5469a33b283ec92247f605624
- SHA1
  
  254ebcc354659af4838f55a258f032f9fff123e7
- SHA256
  
  338a3c8755bd5fefc34ec6adcc91ea9d6b3dee196a9f1bef95f54416133dabf2
- SHA512
  
  fd7657d4d79dafc68d2372bd95b5c6b060bae4e906e5ba3e50a127beafaa887fdfb71fd701d013275db2fa2d578bb72c7ac6d6a2cd15749a6f33b7327991d8d0
- SSDEEP
  
  1536:+Qpy7IaDGK6FJ/fc0U3X5ItM5CSQITsEhNXf4cWmXTpD9BLsdi/o2ubNf:+z7/Db67/q3nCF8hNXwF4DLAdiN0N
Score

10^/10

discovery adware defense_evasion persistence stealer upx
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwaredefense_evasiondiscoverypersistencestealerupx

© 2018-2025

Terms | Privacy