af065902ce4ca1ba7acfc3b0d08be7e8ae1edd73d7f99a17c1e5b504d7f76e94 | Triage

Submit
Reports

Overview

overview

7

Static

static

5

0952a0a375...18.exe

windows7-x64

7

0952a0a375...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

0952a0a3751c5adc4c94e8b7a0be8546_JaffaCakes118
Size

13KB
Sample

241002-g87rrs1gqm
MD5

0952a0a3751c5adc4c94e8b7a0be8546
SHA1

4bd79409e3cd7b1eec80350d334cd8433d7937d1
SHA256

af065902ce4ca1ba7acfc3b0d08be7e8ae1edd73d7f99a17c1e5b504d7f76e94
SHA512

1da986f545a7f499dbf1b9de1b3aae2a933be96114909d7f0d1a98743e662f717c63ad424e184ff441de906898fdb8271815b931de88a53059b6736951e26f00
SSDEEP

192:G0WPLOEYJFGY+fzWfzjwLUoeJ/RBkn30G90xHRc7o3TccU+TY0F+UtYtXae4W0v:G0WKDfg5e5RA30GyxHRio3gcUsHB9W0v

Score

7^/10

discovery persistence privilege_escalation upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0952a0a3751c5adc4c94e8b7a0be8546_JaffaCakes118.exe

Resource

win7-20240708-en

persistence privilege_escalation upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0952a0a3751c5adc4c94e8b7a0be8546_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  0952a0a3751c5adc4c94e8b7a0be8546_JaffaCakes118
- Size
  
  13KB
- MD5
  
  0952a0a3751c5adc4c94e8b7a0be8546
- SHA1
  
  4bd79409e3cd7b1eec80350d334cd8433d7937d1
- SHA256
  
  af065902ce4ca1ba7acfc3b0d08be7e8ae1edd73d7f99a17c1e5b504d7f76e94
- SHA512
  
  1da986f545a7f499dbf1b9de1b3aae2a933be96114909d7f0d1a98743e662f717c63ad424e184ff441de906898fdb8271815b931de88a53059b6736951e26f00
- SSDEEP
  
  192:G0WPLOEYJFGY+fzWfzjwLUoeJ/RBkn30G90xHRc7o3TccU+TY0F+UtYtXae4W0v:G0WKDfg5e5RA30GyxHRio3gcUsHB9W0v
Score

7^/10

persistence privilege_escalation upx discovery
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalationupx

behavioral2

discoverypersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy