698cac7bc0d6445600eea6804bb603352827bc915114015f37b3f17fdb0f960f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

e1c9c8e887...18.exe

windows7-x64

e1c9c8e887...18.exe

windows10-2004-x64

Sharing

General

Target

e1c9c8e8879073124237095a12f42748_JaffaCakes118
Size

642KB
Sample

240915-f5kx6axerh
MD5

e1c9c8e8879073124237095a12f42748
SHA1

4ac49fb28674ad77ab07054264dfffd475344ff1
SHA256

698cac7bc0d6445600eea6804bb603352827bc915114015f37b3f17fdb0f960f
SHA512

e84e8cb2805c078ca38f7d7f3c4ccb047384fcd0ad8ce5ec95790dc158c03d022287e5344342e0cf506e79d56ef626e84dea6b4e48a86889f7991cb77f5ca8f6
SSDEEP

12288:hjkArEN249AyE/rbaMct4bO2/VFbSPon/+AqLBh+ciIT+1Qb5ECSTDJp:uFE//Tct4bOsT+Pu/l0YciIT7NECSvv

Score

10^/10

discovery evasion persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e1c9c8e8879073124237095a12f42748_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1c9c8e8879073124237095a12f42748_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  e1c9c8e8879073124237095a12f42748_JaffaCakes118
- Size
  
  642KB
- MD5
  
  e1c9c8e8879073124237095a12f42748
- SHA1
  
  4ac49fb28674ad77ab07054264dfffd475344ff1
- SHA256
  
  698cac7bc0d6445600eea6804bb603352827bc915114015f37b3f17fdb0f960f
- SHA512
  
  e84e8cb2805c078ca38f7d7f3c4ccb047384fcd0ad8ce5ec95790dc158c03d022287e5344342e0cf506e79d56ef626e84dea6b4e48a86889f7991cb77f5ca8f6
- SSDEEP
  
  12288:hjkArEN249AyE/rbaMct4bO2/VFbSPon/+AqLBh+ciIT+1Qb5ECSTDJp:uFE//Tct4bOsT+Pu/l0YciIT7NECSvv
Score

10^/10

discovery evasion persistence trojan upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

discoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy