8c3bebceac8eea414e9dd96f776490504d4f2984c8406d3a6bd290399687fcea | Triage

Submit
Reports

Overview

overview

Static

static

5

b5aa17fd21...18.exe

windows7-x64

b5aa17fd21...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b5aa17fd215bf28372b9a74a7a57416f_JaffaCakes118
Size

755KB
Sample

240822-axjr8ssgnm
MD5

b5aa17fd215bf28372b9a74a7a57416f
SHA1

1a05f25c3d3c4ec23e597416daeaadf94448e98b
SHA256

8c3bebceac8eea414e9dd96f776490504d4f2984c8406d3a6bd290399687fcea
SHA512

d3e85a68519edc9e0b194dca15b615a3442fcd6af8cb73e90af76c5b6794ca8b37fa313cff14d34d799302046f56f33ca54d7c8f4f0c5a93e92a687ed0c73bba
SSDEEP

6144:gpqoa8aLaC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnC/:gpqaC/2OGAtkCP4cejGSOpRK3CnIiw+

Score

10^/10

discovery persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b5aa17fd215bf28372b9a74a7a57416f_JaffaCakes118.exe

Resource

win7-20240705-en

discovery persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5aa17fd215bf28372b9a74a7a57416f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b5aa17fd215bf28372b9a74a7a57416f_JaffaCakes118
- Size
  
  755KB
- MD5
  
  b5aa17fd215bf28372b9a74a7a57416f
- SHA1
  
  1a05f25c3d3c4ec23e597416daeaadf94448e98b
- SHA256
  
  8c3bebceac8eea414e9dd96f776490504d4f2984c8406d3a6bd290399687fcea
- SHA512
  
  d3e85a68519edc9e0b194dca15b615a3442fcd6af8cb73e90af76c5b6794ca8b37fa313cff14d34d799302046f56f33ca54d7c8f4f0c5a93e92a687ed0c73bba
- SSDEEP
  
  6144:gpqoa8aLaC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnC/:gpqaC/2OGAtkCP4cejGSOpRK3CnIiw+
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2025

Terms | Privacy