6d0f958596f72608fa7263552583a1802673f135b5886545b60320cd60384bea | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

d01be79213...18.exe

windows7-x64

7

d01be79213...18.exe

windows10-2004-x64

7

Sharing

General

Target

d01be792134387bfa12c4c4db206338a_JaffaCakes118
Size

1.7MB
Sample

240906-wbh5gazcln
MD5

d01be792134387bfa12c4c4db206338a
SHA1

edb80fd21c9d3082359e44cd244801c07902f28b
SHA256

6d0f958596f72608fa7263552583a1802673f135b5886545b60320cd60384bea
SHA512

4377a4ccee73e4e7448e4460792845bca36a202db8ecc86bf70f95fc164116d979b93fe4e5eab4334ca3143c73f5f797eb9a4aa5d3afbe4980a56407c88831a7
SSDEEP

49152:Hca33cLLfJhPYHMIclNA5uAOlTM9rMEkOhPGO:HcaHcXHPYHM9uJOlTMd/kOz

Score

7^/10

aspackv2 discovery vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d01be792134387bfa12c4c4db206338a_JaffaCakes118.exe

Resource

win7-20240903-en

aspackv2 discovery vmprotect

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d01be792134387bfa12c4c4db206338a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

aspackv2 discovery vmprotect

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  d01be792134387bfa12c4c4db206338a_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  d01be792134387bfa12c4c4db206338a
- SHA1
  
  edb80fd21c9d3082359e44cd244801c07902f28b
- SHA256
  
  6d0f958596f72608fa7263552583a1802673f135b5886545b60320cd60384bea
- SHA512
  
  4377a4ccee73e4e7448e4460792845bca36a202db8ecc86bf70f95fc164116d979b93fe4e5eab4334ca3143c73f5f797eb9a4aa5d3afbe4980a56407c88831a7
- SSDEEP
  
  49152:Hca33cLLfJhPYHMIclNA5uAOlTM9rMEkOhPGO:HcaHcXHPYHM9uJOlTMd/kOz
Score

7^/10

aspackv2 discovery vmprotect
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2discoveryvmprotect

behavioral2

aspackv2discoveryvmprotect

© 2018-2025

Terms | Privacy