0a19df878b848c99598880492b48eff750bcdafcc36dfa1e4cc776d5f63ae071 | Triage

Submit
Reports

Overview

overview

7

Static

static

5

27a405172d...18.exe

windows7-x64

7

27a405172d...18.exe

windows10-2004-x64

7

Sharing

General

Target

27a405172d883a8f8899cd6c4d5bfa4c_JaffaCakes118
Size

13KB
Sample

241009-anxmqsxbmb
MD5

27a405172d883a8f8899cd6c4d5bfa4c
SHA1

0e4d4d84161fbf8e30a5050885773d470e7c9466
SHA256

0a19df878b848c99598880492b48eff750bcdafcc36dfa1e4cc776d5f63ae071
SHA512

5b25a8bebb9aa407ca6451719fb329b7f00bde411ad0c9c1da39fb5107195eb632ecde4fb90143fc0f42f14eebbcf6c7a9cc8c38b63c12b3c131fa42f54b6d46
SSDEEP

192:y7eZZxiLoIKXTMC3IizzwsPpjErEIkuJDYdVjXONMQ//dfJACoCJE8QO7hsZ:yCFiLo/XI+Iioeor86VjVyCJEw2Z

Score

7^/10

defense_evasion discovery persistence privilege_escalation upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

27a405172d883a8f8899cd6c4d5bfa4c_JaffaCakes118.exe

Resource

win7-20240903-en

defense_evasion discovery persistence privilege_escalation upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

27a405172d883a8f8899cd6c4d5bfa4c_JaffaCakes118.exe

Resource

win10v2004-20241007-en

defense_evasion discovery persistence privilege_escalation upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  27a405172d883a8f8899cd6c4d5bfa4c_JaffaCakes118
- Size
  
  13KB
- MD5
  
  27a405172d883a8f8899cd6c4d5bfa4c
- SHA1
  
  0e4d4d84161fbf8e30a5050885773d470e7c9466
- SHA256
  
  0a19df878b848c99598880492b48eff750bcdafcc36dfa1e4cc776d5f63ae071
- SHA512
  
  5b25a8bebb9aa407ca6451719fb329b7f00bde411ad0c9c1da39fb5107195eb632ecde4fb90143fc0f42f14eebbcf6c7a9cc8c38b63c12b3c131fa42f54b6d46
- SSDEEP
  
  192:y7eZZxiLoIKXTMC3IizzwsPpjErEIkuJDYdVjXONMQ//dfJACoCJE8QO7hsZ:yCFiLo/XI+Iioeor86VjVyCJEw2Z
Score

7^/10

defense_evasion discovery persistence privilege_escalation upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalationupx

behavioral2

defense_evasiondiscoverypersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy