9ecfef9aeac40801b4e378a2f0e17b56fc3a2b50ac2c0ed9d00f124cd27f4b9b | Triage

Submit
Reports

Overview

overview

Static

static

3

ee12ff2b7e...18.exe

windows7-x64

ee12ff2b7e...18.exe

windows10-2004-x64

Sharing

General

Target

ee12ff2b7e6ea4788c62fdb82e9a8769_JaffaCakes118
Size

698KB
Sample

240920-vwp8vaxgqe
MD5

ee12ff2b7e6ea4788c62fdb82e9a8769
SHA1

32d1a569e36ff40e81f0d6d851ec5591c78527da
SHA256

9ecfef9aeac40801b4e378a2f0e17b56fc3a2b50ac2c0ed9d00f124cd27f4b9b
SHA512

7a55fa9f64f70e615664c1b103f0896921922a20df252d28696026477df3572987921ec96000a8d5b78a7d5cd2229168fb06073f97f212c168a27f63c15e2710
SSDEEP

12288:g3TdtLW5WIj1YSSdFxUBSXYb9lx/9AgHLo8OW+rB8:aDsj1dEEBcYPx/igrp+a

Score

10^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ee12ff2b7e6ea4788c62fdb82e9a8769_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee12ff2b7e6ea4788c62fdb82e9a8769_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee12ff2b7e6ea4788c62fdb82e9a8769_JaffaCakes118
- Size
  
  698KB
- MD5
  
  ee12ff2b7e6ea4788c62fdb82e9a8769
- SHA1
  
  32d1a569e36ff40e81f0d6d851ec5591c78527da
- SHA256
  
  9ecfef9aeac40801b4e378a2f0e17b56fc3a2b50ac2c0ed9d00f124cd27f4b9b
- SHA512
  
  7a55fa9f64f70e615664c1b103f0896921922a20df252d28696026477df3572987921ec96000a8d5b78a7d5cd2229168fb06073f97f212c168a27f63c15e2710
- SSDEEP
  
  12288:g3TdtLW5WIj1YSSdFxUBSXYb9lx/9AgHLo8OW+rB8:aDsj1dEEBcYPx/igrp+a
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy