f28b8bcbffe40a4236a317a5ead1988b1fdec74df5f9fbb3725d7b88a1aaba8b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

0982f497a2...18.exe

windows7-x64

7

0982f497a2...18.exe

windows10-2004-x64

7

Sharing

General

Target

0982f497a252dc1c7ce68667ccb8c239_JaffaCakes118
Size

25KB
Sample

241002-h5pbpaxelc
MD5

0982f497a252dc1c7ce68667ccb8c239
SHA1

365d5e6180f6afedf02763e3e9e6a82f86e79cec
SHA256

f28b8bcbffe40a4236a317a5ead1988b1fdec74df5f9fbb3725d7b88a1aaba8b
SHA512

2a9bf536e250744872111d6a026c779db4dee417a01cb552129f1ae77e92bdb8746e9b0735f8062d97818eaf29f85d2719c4f648d2140e8961094d09cb4b259f
SSDEEP

384:qxi2JktIDnFpccpEsAiaaB7hfO58vJrF1rJ5q9B/Jz9RYS1uHnldkeqvLNFv:R2JOIDnFp2MB7I25jrJA/x9PuHnKvL

Score

7^/10

defense_evasion discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0982f497a252dc1c7ce68667ccb8c239_JaffaCakes118.exe

Resource

win7-20240729-en

defense_evasion discovery upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0982f497a252dc1c7ce68667ccb8c239_JaffaCakes118.exe

Resource

win10v2004-20240802-en

defense_evasion discovery upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0982f497a252dc1c7ce68667ccb8c239_JaffaCakes118
- Size
  
  25KB
- MD5
  
  0982f497a252dc1c7ce68667ccb8c239
- SHA1
  
  365d5e6180f6afedf02763e3e9e6a82f86e79cec
- SHA256
  
  f28b8bcbffe40a4236a317a5ead1988b1fdec74df5f9fbb3725d7b88a1aaba8b
- SHA512
  
  2a9bf536e250744872111d6a026c779db4dee417a01cb552129f1ae77e92bdb8746e9b0735f8062d97818eaf29f85d2719c4f648d2140e8961094d09cb4b259f
- SSDEEP
  
  384:qxi2JktIDnFpccpEsAiaaB7hfO58vJrF1rJ5q9B/Jz9RYS1uHnldkeqvLNFv:R2JOIDnFp2MB7I25jrJA/x9PuHnKvL
Score

7^/10

defense_evasion discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryupx

behavioral2

defense_evasiondiscoveryupx

© 2018-2025

Terms | Privacy