e7c65fb736f4ec9a78be81c8b7611cb548285b7021b72d9659d0708ad3ccf748 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

d72a277b30...18.exe

windows7-x64

d72a277b30...18.exe

windows10-2004-x64

Sharing

General

Target

d72a277b30ef3604b4b2e78dd21512bd_JaffaCakes118
Size

70KB
Sample

240909-1wzeeavalb
MD5

d72a277b30ef3604b4b2e78dd21512bd
SHA1

258c27a3aa9f631621ef82136524e2df91374c9a
SHA256

e7c65fb736f4ec9a78be81c8b7611cb548285b7021b72d9659d0708ad3ccf748
SHA512

21c6f5ec2934137a78d9aee95831c42d69b5186adaf0c9eb963597e01f27666152f470eec45e9d94d36940d2f9b0968b25edb314c0994a27641bfbbc9399f5fc
SSDEEP

1536:I+0gFMj1AaiN7OaM1C9rRtpl8XcFYINoIadoqEXrY:rNDaiN7ORC9rvwXcFH6yrY

Score

10^/10

discovery evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d72a277b30ef3604b4b2e78dd21512bd_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d72a277b30ef3604b4b2e78dd21512bd_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d72a277b30ef3604b4b2e78dd21512bd_JaffaCakes118
- Size
  
  70KB
- MD5
  
  d72a277b30ef3604b4b2e78dd21512bd
- SHA1
  
  258c27a3aa9f631621ef82136524e2df91374c9a
- SHA256
  
  e7c65fb736f4ec9a78be81c8b7611cb548285b7021b72d9659d0708ad3ccf748
- SHA512
  
  21c6f5ec2934137a78d9aee95831c42d69b5186adaf0c9eb963597e01f27666152f470eec45e9d94d36940d2f9b0968b25edb314c0994a27641bfbbc9399f5fc
- SSDEEP
  
  1536:I+0gFMj1AaiN7OaM1C9rRtpl8XcFYINoIadoqEXrY:rNDaiN7ORC9rvwXcFH6yrY
Score

10^/10

discovery evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2025

Terms | Privacy