1dc013590c9736cffb90570966fec2f2b618f59f77ef26267ba62f5ebf75bf28 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

11c3693d97...18.exe

windows7-x64

8

11c3693d97...18.exe

windows10-2004-x64

8

Sharing

General

Target

11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118
Size

1.2MB
Sample

241004-enh7katcnn
MD5

11c3693d97fe89bd773e216c3db36e7e
SHA1

ac4d0d1d1c8c3db25bde71eb1ef014d676b4e630
SHA256

1dc013590c9736cffb90570966fec2f2b618f59f77ef26267ba62f5ebf75bf28
SHA512

bc37004ce016e7ff3c17acfc15cd9e7c131483ffde0a762439cc554348856075eb7944a03803ec95ea30eb9d95e680c1875f444eb37a82fafa24759ca2c43eeb
SSDEEP

24576:fxG/hXXZahMUbJ+XdKe6tRJKCnRMvsvXB+3HI1Vsr37:oVZk5bne6tBnRGaA3HI1VsrL

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe

Resource

win7-20240903-en

discovery persistence privilege_escalation

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  11c3693d97fe89bd773e216c3db36e7e_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  11c3693d97fe89bd773e216c3db36e7e
- SHA1
  
  ac4d0d1d1c8c3db25bde71eb1ef014d676b4e630
- SHA256
  
  1dc013590c9736cffb90570966fec2f2b618f59f77ef26267ba62f5ebf75bf28
- SHA512
  
  bc37004ce016e7ff3c17acfc15cd9e7c131483ffde0a762439cc554348856075eb7944a03803ec95ea30eb9d95e680c1875f444eb37a82fafa24759ca2c43eeb
- SSDEEP
  
  24576:fxG/hXXZahMUbJ+XdKe6tRJKCnRMvsvXB+3HI1Vsr37:oVZk5bne6tBnRGaA3HI1VsrL
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy