1f0e8a6ccdcbd4755d7544da2037e107349c1d41b4fa4639afb89dd8541b1e09 | Triage

Submit
Reports

Overview

overview

Static

static

3

ffa7457394...18.exe

windows7-x64

ffa7457394...18.exe

windows10-2004-x64

Sharing

General

Target

ffa745739473d73e9f17da60c65a37c7_JaffaCakes118
Size

252KB
Sample

240930-bkajgazemr
MD5

ffa745739473d73e9f17da60c65a37c7
SHA1

310273de5e45fa57484b227e35f5fe1449a4e6af
SHA256

1f0e8a6ccdcbd4755d7544da2037e107349c1d41b4fa4639afb89dd8541b1e09
SHA512

cbc9c8ec1ca570fbc9dc83655e9a5cb1552224d2612306811db63a5954227ca782eeaa694b4a860ebdf71e76e7d65b9807173add9ad1dca8cbeae01c9caebb7d
SSDEEP

3072:VDOU+qJKjmx5YH6GGFNr/UZ5e8GQZhU8LJV+0L4RHgZy7hMFtGFKivarBoJhDi:VqUPJTFpMZ88GUG8LJV+0k7hg0FKiNJs

Score

10^/10

defense_evasion discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ffa745739473d73e9f17da60c65a37c7_JaffaCakes118.exe

Resource

win7-20240903-en

defense_evasion discovery evasion persistence

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

ffa745739473d73e9f17da60c65a37c7_JaffaCakes118.exe

Resource

win10v2004-20240802-en

defense_evasion discovery evasion persistence

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  ffa745739473d73e9f17da60c65a37c7_JaffaCakes118
- Size
  
  252KB
- MD5
  
  ffa745739473d73e9f17da60c65a37c7
- SHA1
  
  310273de5e45fa57484b227e35f5fe1449a4e6af
- SHA256
  
  1f0e8a6ccdcbd4755d7544da2037e107349c1d41b4fa4639afb89dd8541b1e09
- SHA512
  
  cbc9c8ec1ca570fbc9dc83655e9a5cb1552224d2612306811db63a5954227ca782eeaa694b4a860ebdf71e76e7d65b9807173add9ad1dca8cbeae01c9caebb7d
- SSDEEP
  
  3072:VDOU+qJKjmx5YH6GGFNr/UZ5e8GQZhU8LJV+0L4RHgZy7hMFtGFKivarBoJhDi:VqUPJTFpMZ88GUG8LJV+0k7hg0FKiNJs
Score

10^/10

defense_evasion discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistence

behavioral2

defense_evasiondiscoveryevasionpersistence

© 2018-2025

Terms | Privacy