b578c817244af68fd63988fd4b00af7fcd36f452f533dda8acafc58b28f192f0 | Triage

Submit
Reports

Overview

overview

Static

static

3

e26c334aca...18.exe

windows7-x64

e26c334aca...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

e26c334aca4235fa873b03fc214dd2f3_JaffaCakes118
Size

202KB
Sample

240915-n24j4asdrb
MD5

e26c334aca4235fa873b03fc214dd2f3
SHA1

22f16a47a983afe06005b55de473aaed9a27ce79
SHA256

b578c817244af68fd63988fd4b00af7fcd36f452f533dda8acafc58b28f192f0
SHA512

34dda4301929bbe4465b488277901062f73deab9724f364a72280e26526cfe6ecc2f594e5439efafe5ef0a8588f533141edaef68aa3ed24e7546ddbde437ec89
SSDEEP

3072:Pm3xAixt4HsHV9akIRZt6XL6TPixomP0yd+kBOPvIedIdutqqJPOI88vKiW+Ecwz:Pm3+m4qV2Kp0y5wPwEIQtqqtOIJX8esD

Score

10^/10

defense_evasion discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e26c334aca4235fa873b03fc214dd2f3_JaffaCakes118.exe

Resource

win7-20240704-en

defense_evasion discovery evasion persistence

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

e26c334aca4235fa873b03fc214dd2f3_JaffaCakes118.exe

Resource

win10v2004-20240802-en

defense_evasion discovery evasion persistence

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  e26c334aca4235fa873b03fc214dd2f3_JaffaCakes118
- Size
  
  202KB
- MD5
  
  e26c334aca4235fa873b03fc214dd2f3
- SHA1
  
  22f16a47a983afe06005b55de473aaed9a27ce79
- SHA256
  
  b578c817244af68fd63988fd4b00af7fcd36f452f533dda8acafc58b28f192f0
- SHA512
  
  34dda4301929bbe4465b488277901062f73deab9724f364a72280e26526cfe6ecc2f594e5439efafe5ef0a8588f533141edaef68aa3ed24e7546ddbde437ec89
- SSDEEP
  
  3072:Pm3xAixt4HsHV9akIRZt6XL6TPixomP0yd+kBOPvIedIdutqqJPOI88vKiW+Ecwz:Pm3+m4qV2Kp0y5wPwEIQtqqtOIJX8esD
Score

10^/10

defense_evasion discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistence

behavioral2

defense_evasiondiscoveryevasionpersistence

© 2018-2025

Terms | Privacy