671c381408708518fa258178d626cde407903ee66287ed30dbf8adffee0881b1 | Triage

Submit
Reports

Overview

overview

Static

static

1

patch.exe

windows7-x64

patch.exe

windows10-2004-x64

3

Sharing

General

Target

c0441898699a25ff165cfe5fe72b3d4f_JaffaCakes118
Size

200KB
Sample

240825-jknp4ataka
MD5

c0441898699a25ff165cfe5fe72b3d4f
SHA1

7aaa0e82118b38016074dc02b1700667af51bf3b
SHA256

671c381408708518fa258178d626cde407903ee66287ed30dbf8adffee0881b1
SHA512

fa0e1944ed2e48d5b6f5593f083c163cba01bdbad50887377a0c630a0c372a2aa19fe370adb9850816833dd06fd09cd1adc86987b95cd15ac4088350cbed600a
SSDEEP

3072:scoELmd8nNL74Y6P0GRTlEeROvNDR0WgA52qStx74rHdSmOipgSih8svOJFPkpy6:thLF4xP04TlZWgAoD4LkvOgvi2pj0Y

Score

10^/10

discovery evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

patch.exe

Resource

win7-20240729-en

discovery evasion persistence upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

patch.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  patch.exe
- Size
  
  222KB
- MD5
  
  a096e0dcb76375f4cc147faaef72b7b2
- SHA1
  
  4c16240702cefe056ad84cf77eb2c84439c30895
- SHA256
  
  7b9a13d324b0243e87b1a76312c4456ef7f2ce25bde654cf3cb1fb244a4ec1d1
- SHA512
  
  7685f8eb9c54b370378ff2a2b718e3148663110a2752dd64341eec4caf74f4fc48f9db4f0da88cbd1d23ad4f52d3777fd8f2a9f18a2dc2df9886e8b3e7f40f32
- SSDEEP
  
  3072:h7HQuliFNL74Y6P0cRTlEeROvNDRYWgA52qStx74rHdSmskRN0rVzvfJABHTBfnj:h7wuI4xP0CTlzWgAoD4Lk+N0r0BHTBPj
Score

10^/10

discovery evasion persistence upx
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

© 2018-2025

Terms | Privacy