f15ee940b81092ac8e1815b6abdd6285138995b76f1aa1980a1e24ad707fd8a7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

259fc24e5c...18.exe

windows7-x64

259fc24e5c...18.exe

windows10-2004-x64

Sharing

General

Target

259fc24e5c64c722ffd58f0d9672a6bc_JaffaCakes118
Size

34KB
Sample

241008-z6938axfkp
MD5

259fc24e5c64c722ffd58f0d9672a6bc
SHA1

d12e428dd73aa7ea3a2e44b706033d0714cd9bfa
SHA256

f15ee940b81092ac8e1815b6abdd6285138995b76f1aa1980a1e24ad707fd8a7
SHA512

222a5130d1bee3bd3b588c1d3f90fc1be5898bd4a60fd4a5ddc485ca32d2eb544382b71cd026d62f12c3ceb1bf162d6e11325a224265fbbc9892fd93f33f095b
SSDEEP

768:gwgpGhJLzu4QhHHZxojWnC8GPKLGbuiSfxz6nbcuyD7U:Pgpm3u4QHnoyC4LvNfYnouy8

Score

10^/10

discovery evasion execution persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

259fc24e5c64c722ffd58f0d9672a6bc_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion execution persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

259fc24e5c64c722ffd58f0d9672a6bc_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery evasion execution persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  259fc24e5c64c722ffd58f0d9672a6bc_JaffaCakes118
- Size
  
  34KB
- MD5
  
  259fc24e5c64c722ffd58f0d9672a6bc
- SHA1
  
  d12e428dd73aa7ea3a2e44b706033d0714cd9bfa
- SHA256
  
  f15ee940b81092ac8e1815b6abdd6285138995b76f1aa1980a1e24ad707fd8a7
- SHA512
  
  222a5130d1bee3bd3b588c1d3f90fc1be5898bd4a60fd4a5ddc485ca32d2eb544382b71cd026d62f12c3ceb1bf162d6e11325a224265fbbc9892fd93f33f095b
- SSDEEP
  
  768:gwgpGhJLzu4QhHHZxojWnC8GPKLGbuiSfxz6nbcuyD7U:Pgpm3u4QHnoyC4LvNfYnouy8
Score

10^/10

discovery evasion execution persistence upx
- Disables service(s)
  evasion execution
- Adds policy Run key to start application
  persistence
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistenceupx

behavioral2

discoveryevasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy