053a9a9daf5bfd5cf566b19b28fb7c10f1ff93b3dad6e82250b048e7c431c826 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

b520f8e70c...18.exe

windows7-x64

9

b520f8e70c...18.exe

windows10-2004-x64

9

Sharing

General

Target

b520f8e70c441a98c98e51f5087cbfe2_JaffaCakes118
Size

1.3MB
Sample

240821-1etgts1hjh
MD5

b520f8e70c441a98c98e51f5087cbfe2
SHA1

36ecf30b8948aba834f88a35d78a52e0acfba320
SHA256

053a9a9daf5bfd5cf566b19b28fb7c10f1ff93b3dad6e82250b048e7c431c826
SHA512

2a2daa0243a8f4978939a7f10ab0962a0372ce179b1ea35d366134a889eeef8a5c767962c78882a5ef862710617019ab84f840f89d4e1b7e937e3a832ca26065
SSDEEP

24576:9vM6BIsJnsI8C0NFp5EAKgRBGS5QpOp1ShlpxcxNJRomdexnlNEx:RM6BfJnsI8CsP3Kc8S5QpgSnpKrJzdc8

Score

9^/10

discovery evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b520f8e70c441a98c98e51f5087cbfe2_JaffaCakes118.exe

Resource

win7-20240704-en

discovery evasion upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b520f8e70c441a98c98e51f5087cbfe2_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  b520f8e70c441a98c98e51f5087cbfe2_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  b520f8e70c441a98c98e51f5087cbfe2
- SHA1
  
  36ecf30b8948aba834f88a35d78a52e0acfba320
- SHA256
  
  053a9a9daf5bfd5cf566b19b28fb7c10f1ff93b3dad6e82250b048e7c431c826
- SHA512
  
  2a2daa0243a8f4978939a7f10ab0962a0372ce179b1ea35d366134a889eeef8a5c767962c78882a5ef862710617019ab84f840f89d4e1b7e937e3a832ca26065
- SSDEEP
  
  24576:9vM6BIsJnsI8C0NFp5EAKgRBGS5QpOp1ShlpxcxNJRomdexnlNEx:RM6BfJnsI8CsP3Kc8S5QpgSnpKrJzdc8
Score

9^/10

discovery evasion upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionupx

behavioral2

discoveryevasionupx

© 2018-2025

Terms | Privacy