e3f09a4f585512b2d597b0aacef5e95887aedc1c68556d4c8880113cab94144e | Triage

Submit
Reports

Overview

overview

8

Static

static

3

d02a7aeeb6...18.exe

windows7-x64

8

d02a7aeeb6...18.exe

windows10-2004-x64

8

Sharing

General

Target

d02a7aeeb68e9490f46067f2e73aad91_JaffaCakes118
Size

4.8MB
Sample

240906-wvprcs1eng
MD5

d02a7aeeb68e9490f46067f2e73aad91
SHA1

46c23758adf8e8ba15f31851ba53040224e187ab
SHA256

e3f09a4f585512b2d597b0aacef5e95887aedc1c68556d4c8880113cab94144e
SHA512

921a8f73e25988056185b1cbbc8b413e6e1669ceeab418f4323d67900ffa8d8383a584c68166a9d557429a02160dd2af180c76927f181cb6462644cdc1e33d45
SSDEEP

98304:Ct6xS/jD6laC1GUqLQuZyM0vyGkt50rsI6NQ3giOvo7avbH0rT:CVKlaCjqLJ4M06Ga5DI6NQ3svbH+

Score

8^/10

discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d02a7aeeb68e9490f46067f2e73aad91_JaffaCakes118.exe

Resource

win7-20240708-en

discovery persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d02a7aeeb68e9490f46067f2e73aad91_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d02a7aeeb68e9490f46067f2e73aad91_JaffaCakes118
- Size
  
  4.8MB
- MD5
  
  d02a7aeeb68e9490f46067f2e73aad91
- SHA1
  
  46c23758adf8e8ba15f31851ba53040224e187ab
- SHA256
  
  e3f09a4f585512b2d597b0aacef5e95887aedc1c68556d4c8880113cab94144e
- SHA512
  
  921a8f73e25988056185b1cbbc8b413e6e1669ceeab418f4323d67900ffa8d8383a584c68166a9d557429a02160dd2af180c76927f181cb6462644cdc1e33d45
- SSDEEP
  
  98304:Ct6xS/jD6laC1GUqLQuZyM0vyGkt50rsI6NQ3giOvo7avbH0rT:CVKlaCjqLJ4M06Ga5DI6NQ3svbH+
Score

8^/10

discovery persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2025

Terms | Privacy