dd59264648ac20500bf61a73f8612039d3a1f7c9d4001bdb0e0410152fa44b5b | Triage

Submit
Reports

Overview

overview

Static

static

3

2e5c2446f8...18.exe

windows7-x64

2e5c2446f8...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2e5c2446f85164d845d585645922cc62_JaffaCakes118
Size

274KB
Sample

241009-kzcrtasapj
MD5

2e5c2446f85164d845d585645922cc62
SHA1

e5d8e44a5eaf3b5ee80c12ffb0c226afc75700ae
SHA256

dd59264648ac20500bf61a73f8612039d3a1f7c9d4001bdb0e0410152fa44b5b
SHA512

133716bc55cffb583b0f390f94cc59a04530c1d5fe6efa80702c4e1b7c28998a5b2dbf92fd396a0b32e5f9c4f61212609c5964f4c639f893b9d39719205d35d2
SSDEEP

6144:CpJdxPzEBBUbDvb5KvfIm0y+FQ3qffFZ32HU3eo6wNp0hvfnhN:MzEnU9iwmfeQ3qf9E0uKNpyT

Score

10^/10

adware discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2e5c2446f85164d845d585645922cc62_JaffaCakes118.exe

Resource

win7-20240903-en

adware discovery persistence stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

2e5c2446f85164d845d585645922cc62_JaffaCakes118.exe

Resource

win10v2004-20241007-en

adware discovery persistence stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  2e5c2446f85164d845d585645922cc62_JaffaCakes118
- Size
  
  274KB
- MD5
  
  2e5c2446f85164d845d585645922cc62
- SHA1
  
  e5d8e44a5eaf3b5ee80c12ffb0c226afc75700ae
- SHA256
  
  dd59264648ac20500bf61a73f8612039d3a1f7c9d4001bdb0e0410152fa44b5b
- SHA512
  
  133716bc55cffb583b0f390f94cc59a04530c1d5fe6efa80702c4e1b7c28998a5b2dbf92fd396a0b32e5f9c4f61212609c5964f4c639f893b9d39719205d35d2
- SSDEEP
  
  6144:CpJdxPzEBBUbDvb5KvfIm0y+FQ3qffFZ32HU3eo6wNp0hvfnhN:MzEnU9iwmfeQ3qf9E0uKNpyT
Score

10^/10

adware discovery persistence stealer
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2025

Terms | Privacy