d9f2751935d8b9da7b37279d44ed904c0e8509591e5b9ebf1a9d95e5ec4dc231 | Triage

Submit
Reports

Overview

overview

Static

static

7

b180ffd148...18.exe

windows7-x64

b180ffd148...18.exe

windows10-2004-x64

Sharing

General

Target

b180ffd148c3d8ebbc924a32bea56398_JaffaCakes118
Size

2.3MB
Sample

240821-a1vzns1glg
MD5

b180ffd148c3d8ebbc924a32bea56398
SHA1

8b2944c0ed842efb3fb58c165686e6497f3ba3ab
SHA256

d9f2751935d8b9da7b37279d44ed904c0e8509591e5b9ebf1a9d95e5ec4dc231
SHA512

17bedf37fc1d1be54154275e20965e4a0b06b179cdedf0ca668a73306c2ad1c2f995f8feb3ce7b5d921ee2df62a7b09978fcd863d127f6794af7114df411aa91
SSDEEP

24576:3uhafOA2eZJ8NI8NahcqmTWQ5qmTOrTxfAhrTxFrTxprTxJeZG8:YC8NKcqCWaqCO/eh/T/f/PR8

Score

10^/10

defense_evasion discovery evasion execution persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b180ffd148c3d8ebbc924a32bea56398_JaffaCakes118.exe

Resource

win7-20240708-en

defense_evasion discovery evasion execution persistence upx

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

b180ffd148c3d8ebbc924a32bea56398_JaffaCakes118.exe

Resource

win10v2004-20240802-en

defense_evasion discovery evasion execution persistence upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  b180ffd148c3d8ebbc924a32bea56398_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  b180ffd148c3d8ebbc924a32bea56398
- SHA1
  
  8b2944c0ed842efb3fb58c165686e6497f3ba3ab
- SHA256
  
  d9f2751935d8b9da7b37279d44ed904c0e8509591e5b9ebf1a9d95e5ec4dc231
- SHA512
  
  17bedf37fc1d1be54154275e20965e4a0b06b179cdedf0ca668a73306c2ad1c2f995f8feb3ce7b5d921ee2df62a7b09978fcd863d127f6794af7114df411aa91
- SSDEEP
  
  24576:3uhafOA2eZJ8NI8NahcqmTWQ5qmTOrTxfAhrTxFrTxprTxJeZG8:YC8NKcqCWaqCO/eh/T/f/PR8
Score

10^/10

defense_evasion discovery evasion execution persistence upx
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Network Share Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionpersistenceupx

behavioral2

defense_evasiondiscoveryevasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy