d568c62e8c9f52e03c50b6309815d03f12dbbaba46b948acd769f10aa181070a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a5f36f4bd4...18.exe

windows7-x64

7

a5f36f4bd4...18.exe

windows10-2004-x64

7

Sharing

General

Target

a5f36f4bd449a249562398e766106df2_JaffaCakes118
Size

46KB
Sample

240818-jkz35awdrp
MD5

a5f36f4bd449a249562398e766106df2
SHA1

8f325fd10787fee56651e085bd1c0c393c809663
SHA256

d568c62e8c9f52e03c50b6309815d03f12dbbaba46b948acd769f10aa181070a
SHA512

257ff325f06c886c5aaa4ab957d1125b4613cee0463b64463dd7fd1e1638296e6da5878915b8595b07c1385e458fb4b7ec5b384ccc8769e9ab07d43813414985
SSDEEP

768:VLi0NnqrjIcGA+9H5MQO7BUdLOyOLm/Cb5vTOc74Hpyfogpty2uhNqFeTCL:ViHIcz+j0W2QA5v974JyZuC

Score

7^/10

adware discovery evasion stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a5f36f4bd449a249562398e766106df2_JaffaCakes118.exe

Resource

win7-20240729-en

adware discovery evasion stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a5f36f4bd449a249562398e766106df2_JaffaCakes118.exe

Resource

win10v2004-20240802-en

adware discovery evasion stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a5f36f4bd449a249562398e766106df2_JaffaCakes118
- Size
  
  46KB
- MD5
  
  a5f36f4bd449a249562398e766106df2
- SHA1
  
  8f325fd10787fee56651e085bd1c0c393c809663
- SHA256
  
  d568c62e8c9f52e03c50b6309815d03f12dbbaba46b948acd769f10aa181070a
- SHA512
  
  257ff325f06c886c5aaa4ab957d1125b4613cee0463b64463dd7fd1e1638296e6da5878915b8595b07c1385e458fb4b7ec5b384ccc8769e9ab07d43813414985
- SSDEEP
  
  768:VLi0NnqrjIcGA+9H5MQO7BUdLOyOLm/Cb5vTOc74Hpyfogpty2uhNqFeTCL:ViHIcz+j0W2QA5v974JyZuC
Score

7^/10

adware discovery evasion stealer trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryevasionstealertrojan

behavioral2

adwarediscoveryevasionstealertrojan

© 2018-2025

Terms | Privacy