cfeee34235a2945605a1ac5f98f51863e3d7c641294f0b6df5bd70284f670179 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

0ec6d61b12...18.exe

windows7-x64

0ec6d61b12...18.exe

windows10-2004-x64

Sharing

General

Target

0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes118
Size

132KB
Sample

241003-kcwleaxelh
MD5

0ec6d61b12e3ff3ea863439cb4869887
SHA1

023200ebdf6c6e78b54ae545f5e4e4c7cc803b62
SHA256

cfeee34235a2945605a1ac5f98f51863e3d7c641294f0b6df5bd70284f670179
SHA512

36e677cd83df4b9e7ccf1bd601645c628cccff309bc282bdd0ec20f37bed95bf6f0496652dbaacb1f04f5513d2cc166b042de059b8f0af2c786e5984c1402fac
SSDEEP

768:h/raHM782f9rvs2Zg5nicskQzTGfxgzh3emu4v/eB4z7VP7LdGSu2HyTAzfMgTA1:h/roM7ZJfUQWgY54v

Score

10^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion persistence

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  0ec6d61b12e3ff3ea863439cb4869887_JaffaCakes118
- Size
  
  132KB
- MD5
  
  0ec6d61b12e3ff3ea863439cb4869887
- SHA1
  
  023200ebdf6c6e78b54ae545f5e4e4c7cc803b62
- SHA256
  
  cfeee34235a2945605a1ac5f98f51863e3d7c641294f0b6df5bd70284f670179
- SHA512
  
  36e677cd83df4b9e7ccf1bd601645c628cccff309bc282bdd0ec20f37bed95bf6f0496652dbaacb1f04f5513d2cc166b042de059b8f0af2c786e5984c1402fac
- SSDEEP
  
  768:h/raHM782f9rvs2Zg5nicskQzTGfxgzh3emu4v/eB4z7VP7LdGSu2HyTAzfMgTA1:h/roM7ZJfUQWgY54v
Score

10^/10

discovery evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy