5d074ed65f62d5dbfafe0d9014a2720319bf75963cfd4c4165926825fa5c67b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

ee040da2a7...18.exe

windows7-x64

ee040da2a7...18.exe

windows10-2004-x64

Sharing

General

Target

ee040da2a70d55fe834aef39a1e9b5fe_JaffaCakes118
Size

521KB
Sample

240920-vaaahaxbml
MD5

ee040da2a70d55fe834aef39a1e9b5fe
SHA1

89c58f9551967b285bef959171beefeba18d0434
SHA256

5d074ed65f62d5dbfafe0d9014a2720319bf75963cfd4c4165926825fa5c67b5
SHA512

8eb53cbd29a548fc592706fb664e977ce322ef3c92f7f531b49aabc4c12862cad0c8cd512f71e1c802bdc01fe75ac4bca2c38257d3803d571f0b781f78753867
SSDEEP

12288:k6/DdQHroPTAwpwXQsBPTeoG0HhDtdC2Cp4JSErXDx1jHWjrLolXVhDe:z7WsPkA8QsBPyoG0HBrC2zJSKDnHWjXb

Score

10^/10

discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ee040da2a70d55fe834aef39a1e9b5fe_JaffaCakes118.exe

Resource

win7-20240903-en

discovery persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee040da2a70d55fe834aef39a1e9b5fe_JaffaCakes118.exe

Resource

win10v2004-20240910-en

discovery persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee040da2a70d55fe834aef39a1e9b5fe_JaffaCakes118
- Size
  
  521KB
- MD5
  
  ee040da2a70d55fe834aef39a1e9b5fe
- SHA1
  
  89c58f9551967b285bef959171beefeba18d0434
- SHA256
  
  5d074ed65f62d5dbfafe0d9014a2720319bf75963cfd4c4165926825fa5c67b5
- SHA512
  
  8eb53cbd29a548fc592706fb664e977ce322ef3c92f7f531b49aabc4c12862cad0c8cd512f71e1c802bdc01fe75ac4bca2c38257d3803d571f0b781f78753867
- SSDEEP
  
  12288:k6/DdQHroPTAwpwXQsBPTeoG0HhDtdC2Cp4JSErXDx1jHWjrLolXVhDe:z7WsPkA8QsBPyoG0HBrC2zJSKDnHWjXb
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx

© 2018-2025

Terms | Privacy