df9dd0b789c3a5f138ff1f504515c232ef9b0c82bc3e8e05f8ffb428105820d2 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

ea868a4618...18.exe

windows7-x64

8

ea868a4618...18.exe

windows10-2004-x64

8

Sharing

General

Target

ea868a461814748d42fb6dfeb3af0387_JaffaCakes118
Size

450KB
Sample

240919-eba1eszcjk
MD5

ea868a461814748d42fb6dfeb3af0387
SHA1

da3c75ad058310f0c63384895cddc1656835bdea
SHA256

df9dd0b789c3a5f138ff1f504515c232ef9b0c82bc3e8e05f8ffb428105820d2
SHA512

cfb7f6f9c469901d93ca9a18cf38d884c7d6e36dc3bfb1d05a49967a35f05238a08f183b0a8990be9f8e9fbc60a2781c22afb9b53fd931171612d03b4e27a339
SSDEEP

6144:UZ8ywEn1YXLGqCh1zeMpprEA3jkIJzxOlhT03EbdF49lSK/gnfE3N:uwa11qe1igrV3bJz0l9b89kKAE3N

Score

8^/10

discovery evasion persistence privilege_escalation spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ea868a461814748d42fb6dfeb3af0387_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence privilege_escalation spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea868a461814748d42fb6dfeb3af0387_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence privilege_escalation spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ea868a461814748d42fb6dfeb3af0387_JaffaCakes118
- Size
  
  450KB
- MD5
  
  ea868a461814748d42fb6dfeb3af0387
- SHA1
  
  da3c75ad058310f0c63384895cddc1656835bdea
- SHA256
  
  df9dd0b789c3a5f138ff1f504515c232ef9b0c82bc3e8e05f8ffb428105820d2
- SHA512
  
  cfb7f6f9c469901d93ca9a18cf38d884c7d6e36dc3bfb1d05a49967a35f05238a08f183b0a8990be9f8e9fbc60a2781c22afb9b53fd931171612d03b4e27a339
- SSDEEP
  
  6144:UZ8ywEn1YXLGqCh1zeMpprEA3jkIJzxOlhT03EbdF49lSK/gnfE3N:uwa11qe1igrV3bJz0l9b89kKAE3N
Score

8^/10

discovery evasion persistence privilege_escalation spyware stealer upx
- Modifies Windows Firewall
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationspywarestealerupx

behavioral2

discoveryevasionpersistenceprivilege_escalationspywarestealerupx

© 2018-2025

Terms | Privacy