1ec672065de0b8decd272231f714e9efaf6bb8457d6aa33f55fd53ae56e29911 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

bf20f6e7cb...18.dll

windows7-x64

8

bf20f6e7cb...18.dll

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

bf20f6e7cba962a22c10e6b8e909537c_JaffaCakes118
Size

88KB
Sample

240824-waa3gatcqr
MD5

bf20f6e7cba962a22c10e6b8e909537c
SHA1

ce3a0c071d4597e25adaed774c28c0f9bdbf278c
SHA256

1ec672065de0b8decd272231f714e9efaf6bb8457d6aa33f55fd53ae56e29911
SHA512

56549d6ba1199e425e43101dfb09459106fca03c64edf4f224bf9ce8c47f17483f9fe00ed4c50bc36ffcb89333b961ac93650fa72fe80c4997294d9eff30b472
SSDEEP

1536:SeXClQTMBiE1iw753oZKM8jPLNQ9bT3u33AxVInYSlfsB4RDipVTB:pXWQI8EV3oWjPLC93eAMnuoDsV

Score

8^/10

discovery evasion persistence privilege_escalation upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bf20f6e7cba962a22c10e6b8e909537c_JaffaCakes118.dll

Resource

win7-20240708-en

discovery evasion persistence privilege_escalation upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf20f6e7cba962a22c10e6b8e909537c_JaffaCakes118.dll

Resource

win10v2004-20240802-en

discovery evasion persistence privilege_escalation upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  bf20f6e7cba962a22c10e6b8e909537c_JaffaCakes118
- Size
  
  88KB
- MD5
  
  bf20f6e7cba962a22c10e6b8e909537c
- SHA1
  
  ce3a0c071d4597e25adaed774c28c0f9bdbf278c
- SHA256
  
  1ec672065de0b8decd272231f714e9efaf6bb8457d6aa33f55fd53ae56e29911
- SHA512
  
  56549d6ba1199e425e43101dfb09459106fca03c64edf4f224bf9ce8c47f17483f9fe00ed4c50bc36ffcb89333b961ac93650fa72fe80c4997294d9eff30b472
- SSDEEP
  
  1536:SeXClQTMBiE1iw753oZKM8jPLNQ9bT3u33AxVInYSlfsB4RDipVTB:pXWQI8EV3oWjPLC93eAMnuoDsV
Score

8^/10

discovery evasion persistence privilege_escalation upx
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationupx

behavioral2

discoveryevasionpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy