aa07d003a3970d590cabf83036684f16d5afe6c829bc62973609d63cd2f7aaae | Triage

Submit
Reports

Overview

overview

8

Static

static

3

be8af64922...18.dll

windows7-x64

3

be8af64922...18.dll

windows10-2004-x64

8

Sharing

General

Target

be8af64922c56ae40907878b04c57152_JaffaCakes118
Size

110KB
Sample

240824-n5d4lsyeqe
MD5

be8af64922c56ae40907878b04c57152
SHA1

fe5f592060c46b1385b229861f1aa5666b5708a5
SHA256

aa07d003a3970d590cabf83036684f16d5afe6c829bc62973609d63cd2f7aaae
SHA512

47b614c85d0a85b673b76a7d8e7381ae31d43e719f1551747b777ebebe14831d4e582c59d91826cf32f02a2cab5e0c243eb0a6724c2b61cf7b88535aa241056b
SSDEEP

3072:ZaYFy1leJSwWvThaop1zy7dZ4SmuqeYDrdzs2wemxLtgU:MYFaUvWLpov4rTeYDlsxvL

Score

8^/10

adware discovery persistence privilege_escalation stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

be8af64922c56ae40907878b04c57152_JaffaCakes118.dll

Resource

win7-20240704-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

be8af64922c56ae40907878b04c57152_JaffaCakes118.dll

Resource

win10v2004-20240802-en

adware discovery persistence privilege_escalation stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  be8af64922c56ae40907878b04c57152_JaffaCakes118
- Size
  
  110KB
- MD5
  
  be8af64922c56ae40907878b04c57152
- SHA1
  
  fe5f592060c46b1385b229861f1aa5666b5708a5
- SHA256
  
  aa07d003a3970d590cabf83036684f16d5afe6c829bc62973609d63cd2f7aaae
- SHA512
  
  47b614c85d0a85b673b76a7d8e7381ae31d43e719f1551747b777ebebe14831d4e582c59d91826cf32f02a2cab5e0c243eb0a6724c2b61cf7b88535aa241056b
- SSDEEP
  
  3072:ZaYFy1leJSwWvThaop1zy7dZ4SmuqeYDrdzs2wemxLtgU:MYFaUvWLpov4rTeYDlsxvL
Score

8^/10

discovery adware persistence privilege_escalation stealer upx
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistenceprivilege_escalationstealerupx

© 2018-2025

Terms | Privacy