c9706ce419a1c3b4fcc4471cdcc01f7db0f96025b3e5f0f9a36c109e836935e8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c81c6bcd4a...18.exe

windows7-x64

7

c81c6bcd4a...18.exe

windows10-2004-x64

7

Sharing

General

Target

c81c6bcd4aa644a569f764b9c83ba46e_JaffaCakes118
Size

28KB
Sample

240829-desh7szgre
MD5

c81c6bcd4aa644a569f764b9c83ba46e
SHA1

78026c4adcfc4616c284644a7cfceb290c178a44
SHA256

c9706ce419a1c3b4fcc4471cdcc01f7db0f96025b3e5f0f9a36c109e836935e8
SHA512

98f40eaead2fcfb4b37ccd7acd389a32c426c759e73ea428351c3f592ade06516313bbf6c96ea077be2838cb320bcc0dca1492801a45ad2da49c653bdf784687
SSDEEP

768:isES7RSOw6hkl90vf+CclZJb0hFXK/iRdj+2MOc:iPS1aokl9vlZJghFL7j7Rc

Score

7^/10

defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c81c6bcd4aa644a569f764b9c83ba46e_JaffaCakes118.exe

Resource

win7-20240705-en

defense_evasion discovery upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c81c6bcd4aa644a569f764b9c83ba46e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

defense_evasion discovery upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c81c6bcd4aa644a569f764b9c83ba46e_JaffaCakes118
- Size
  
  28KB
- MD5
  
  c81c6bcd4aa644a569f764b9c83ba46e
- SHA1
  
  78026c4adcfc4616c284644a7cfceb290c178a44
- SHA256
  
  c9706ce419a1c3b4fcc4471cdcc01f7db0f96025b3e5f0f9a36c109e836935e8
- SHA512
  
  98f40eaead2fcfb4b37ccd7acd389a32c426c759e73ea428351c3f592ade06516313bbf6c96ea077be2838cb320bcc0dca1492801a45ad2da49c653bdf784687
- SSDEEP
  
  768:isES7RSOw6hkl90vf+CclZJb0hFXK/iRdj+2MOc:iPS1aokl9vlZJghFL7j7Rc
Score

7^/10

defense_evasion discovery upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryupx

behavioral2

defense_evasiondiscoveryupx

© 2018-2025

Terms | Privacy