e823f12c245a82a9c421678f960d9590ef8ac2de786442c966fd829a5e1a2152 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

26fedfe9ca...18.exe

windows7-x64

7

26fedfe9ca...18.exe

windows10-2004-x64

7

Sharing

General

Target

26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118
Size

32KB
Sample

241008-3dggzsxgkl
MD5

26fedfe9ca4855a8bbdd4bbc61fe06e6
SHA1

c695bc1d78b5bbd27d61650643b9402667b12023
SHA256

e823f12c245a82a9c421678f960d9590ef8ac2de786442c966fd829a5e1a2152
SHA512

53fc529a0058bb87b666d7e91e96b1745f42137f9a9afee668ae2389cb73e97578d8b5090948d1e4c77efd796af6d48072d14ddadd0f1d45757ec9c9e3030954
SSDEEP

768:OIMGlhBxtzSlG3XV2scACW3TftY3lf93LS36HMZT:OgTB+lmV22j3i/S6HMB

Score

7^/10

adware discovery stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe

Resource

win7-20240903-en

adware discovery stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe

Resource

win10v2004-20241007-en

adware discovery stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118
- Size
  
  32KB
- MD5
  
  26fedfe9ca4855a8bbdd4bbc61fe06e6
- SHA1
  
  c695bc1d78b5bbd27d61650643b9402667b12023
- SHA256
  
  e823f12c245a82a9c421678f960d9590ef8ac2de786442c966fd829a5e1a2152
- SHA512
  
  53fc529a0058bb87b666d7e91e96b1745f42137f9a9afee668ae2389cb73e97578d8b5090948d1e4c77efd796af6d48072d14ddadd0f1d45757ec9c9e3030954
- SSDEEP
  
  768:OIMGlhBxtzSlG3XV2scACW3TftY3lf93LS36HMZT:OgTB+lmV22j3i/S6HMB
Score

7^/10

adware discovery stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealerupx

behavioral2

adwarediscoverystealerupx

© 2018-2025

Terms | Privacy