11c190bcaf5db1dfd34a19d133df75dca06328bc0712ceceb447596b43b67a82 | Triage

Submit
Reports

Overview

overview

Static

static

3

3c991cb4c0...18.exe

windows7-x64

7

3c991cb4c0...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3c991cb4c01a22e0163d854705273b9c_JaffaCakes118
Size

79KB
Sample

241012-3gn18sxdkg
MD5

3c991cb4c01a22e0163d854705273b9c
SHA1

665b6f4df48e92cb5cbdbbd3302767faf87a5496
SHA256

11c190bcaf5db1dfd34a19d133df75dca06328bc0712ceceb447596b43b67a82
SHA512

710e72a5b29c26b7c3ccb8469cf2b1e0a5b80dbcc626b4470206da336b66267b341d390ce2512e5aaf84e0cb3a9fe65cc32758a58b2ffad892fcc8f4cf6d4506
SSDEEP

1536:YQxqcQu01TZlgkcgZYdfVCydmtXOd4fLJj3jW:X/0zlgNgZY5VCpW4DJW

Score

10^/10

discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3c991cb4c01a22e0163d854705273b9c_JaffaCakes118.exe

Resource

win7-20241010-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3c991cb4c01a22e0163d854705273b9c_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  3c991cb4c01a22e0163d854705273b9c_JaffaCakes118
- Size
  
  79KB
- MD5
  
  3c991cb4c01a22e0163d854705273b9c
- SHA1
  
  665b6f4df48e92cb5cbdbbd3302767faf87a5496
- SHA256
  
  11c190bcaf5db1dfd34a19d133df75dca06328bc0712ceceb447596b43b67a82
- SHA512
  
  710e72a5b29c26b7c3ccb8469cf2b1e0a5b80dbcc626b4470206da336b66267b341d390ce2512e5aaf84e0cb3a9fe65cc32758a58b2ffad892fcc8f4cf6d4506
- SSDEEP
  
  1536:YQxqcQu01TZlgkcgZYdfVCydmtXOd4fLJj3jW:X/0zlgNgZY5VCpW4DJW
Score

10^/10

discovery upx persistence
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceupx

© 2018-2025

Terms | Privacy