64f14c276382a6c83ca4655b659a344af2481f8bbadfcaf17012cff9f026585f | Triage

Submit
Reports

Overview

overview

Static

static

7

ee2166b863...18.exe

windows7-x64

ee2166b863...18.exe

windows10-2004-x64

7

Sharing

General

Target

ee2166b8636b702cb6ad74f693740d21_JaffaCakes118
Size

55KB
Sample

240920-whck9syhpa
MD5

ee2166b8636b702cb6ad74f693740d21
SHA1

b7837cda490ee29ebae1b138e2b1c51aa6ce5ae5
SHA256

64f14c276382a6c83ca4655b659a344af2481f8bbadfcaf17012cff9f026585f
SHA512

320c6e97724391d024cc30699d3612de9126770934dc4eca62aed48a666fb179b257aae9236e3a1187c289da1cc109d6c275e14e5dd945743c9115e07300c29e
SSDEEP

768:U4uctBneusEz+xwg8HC/6NETIjtOdKEpQNQmqulk25TVXGWS6+L3vOLDgM9jzSC8:R1Tenk+2jHNEWkY42Q8fTVzSl3vOLfp

Score

10^/10

adware defense_evasion discovery evasion persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ee2166b8636b702cb6ad74f693740d21_JaffaCakes118.exe

Resource

win7-20240708-en

adware defense_evasion discovery evasion persistence stealer upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee2166b8636b702cb6ad74f693740d21_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee2166b8636b702cb6ad74f693740d21_JaffaCakes118
- Size
  
  55KB
- MD5
  
  ee2166b8636b702cb6ad74f693740d21
- SHA1
  
  b7837cda490ee29ebae1b138e2b1c51aa6ce5ae5
- SHA256
  
  64f14c276382a6c83ca4655b659a344af2481f8bbadfcaf17012cff9f026585f
- SHA512
  
  320c6e97724391d024cc30699d3612de9126770934dc4eca62aed48a666fb179b257aae9236e3a1187c289da1cc109d6c275e14e5dd945743c9115e07300c29e
- SSDEEP
  
  768:U4uctBneusEz+xwg8HC/6NETIjtOdKEpQNQmqulk25TVXGWS6+L3vOLDgM9jzSC8:R1Tenk+2jHNEWkY42Q8fTVzSl3vOLfp
Score

10^/10

adware defense_evasion discovery evasion persistence stealer upx
- Modifies firewall policy service
  evasion
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwaredefense_evasiondiscoveryevasionpersistencestealerupx

behavioral2

© 2018-2025

Terms | Privacy