c8c1be11b7eadaef5fd7d78d2d6c4d9944f6f59b783b4f4b7c7f3eac8e68143d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

efb9891ddb...18.exe

windows7-x64

efb9891ddb...18.exe

windows10-2004-x64

Sharing

General

Target

efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118
Size

3.8MB
Sample

240921-nxv26azhnh
MD5

efb9891ddb30cb3dea7dfbe51c295a15
SHA1

987be11a59a129cc0d4e71fcfddeb3adf596e262
SHA256

c8c1be11b7eadaef5fd7d78d2d6c4d9944f6f59b783b4f4b7c7f3eac8e68143d
SHA512

cfb93d327b9914e831bce6932f09be7d809c25418e401f39182515082291d16fc4883fcdb93b7bb2fed3bc753de00e61371aaf4d00e0a6c68fbc4c0e37424487
SSDEEP

98304:+znOEj82saUwGJX87Q2iLcJ6Jg4G+SAdR:+n9slwGJXqvJ6JgdU

Score

10^/10

discovery evasion persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118
- Size
  
  3.8MB
- MD5
  
  efb9891ddb30cb3dea7dfbe51c295a15
- SHA1
  
  987be11a59a129cc0d4e71fcfddeb3adf596e262
- SHA256
  
  c8c1be11b7eadaef5fd7d78d2d6c4d9944f6f59b783b4f4b7c7f3eac8e68143d
- SHA512
  
  cfb93d327b9914e831bce6932f09be7d809c25418e401f39182515082291d16fc4883fcdb93b7bb2fed3bc753de00e61371aaf4d00e0a6c68fbc4c0e37424487
- SSDEEP
  
  98304:+znOEj82saUwGJX87Q2iLcJ6Jg4G+SAdR:+n9slwGJXqvJ6JgdU
Score

10^/10

discovery evasion persistence trojan upx
- UAC bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

discoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy