f90b08d3b88747529a8f499e5e7b0830e4a00ffae737bf5d68fbd37a3447c420 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

a9e408ec9a...18.exe

windows7-x64

8

a9e408ec9a...18.exe

windows10-2004-x64

8

Sharing

General

Target

a9e408ec9abbfdac7f963643923f2a5f_JaffaCakes118
Size

185KB
Sample

240819-gw3x2syaqe
MD5

a9e408ec9abbfdac7f963643923f2a5f
SHA1

cce3f30db965a960dff9281a61a278c0aaa50a8a
SHA256

f90b08d3b88747529a8f499e5e7b0830e4a00ffae737bf5d68fbd37a3447c420
SHA512

3924d5ad35a355100d1df8487bb043cf7293e3793bdd3f9ea2441e155622b7d528b98cf5793413f5131846c5e7a7ab6308713295d20ed82ff6e929845b58c150
SSDEEP

3072:EamFnQYUM6m3SP2sVSdEnfWZN3cbgonk9sX1qalYuhLJNdjQVVTuP5J85Vi9iqVv:Eazq3aipalYuhoao5sQkzz

Score

8^/10

discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a9e408ec9abbfdac7f963643923f2a5f_JaffaCakes118.exe

Resource

win7-20240705-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9e408ec9abbfdac7f963643923f2a5f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9e408ec9abbfdac7f963643923f2a5f_JaffaCakes118
- Size
  
  185KB
- MD5
  
  a9e408ec9abbfdac7f963643923f2a5f
- SHA1
  
  cce3f30db965a960dff9281a61a278c0aaa50a8a
- SHA256
  
  f90b08d3b88747529a8f499e5e7b0830e4a00ffae737bf5d68fbd37a3447c420
- SHA512
  
  3924d5ad35a355100d1df8487bb043cf7293e3793bdd3f9ea2441e155622b7d528b98cf5793413f5131846c5e7a7ab6308713295d20ed82ff6e929845b58c150
- SSDEEP
  
  3072:EamFnQYUM6m3SP2sVSdEnfWZN3cbgonk9sX1qalYuhLJNdjQVVTuP5J85Vi9iqVv:Eazq3aipalYuhoao5sQkzz
Score

8^/10

discovery upx
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy