9dd0c3e5e7eda5f6c5caf3128fbc5b5e9c24a8de165e526b2618b4fbd5461bc8 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

3fbbc4076a...18.exe

windows7-x64

7

3fbbc4076a...18.exe

windows10-2004-x64

7

Sharing

General

Target

3fbbc4076a45bfbe08334c587cc5a190_JaffaCakes118
Size

3.1MB
Sample

241013-n6mr5svgjb
MD5

3fbbc4076a45bfbe08334c587cc5a190
SHA1

1855d84f967d46fe79877a59040eede7083fc0aa
SHA256

9dd0c3e5e7eda5f6c5caf3128fbc5b5e9c24a8de165e526b2618b4fbd5461bc8
SHA512

48f7f14de94ad99be65997066faa67d48d20c41a6b620e7311a513e116d91ee2e5da38a174237cd234bbc1eed1d457683ef9c94fb931fe2150826bfa6cccc2af
SSDEEP

98304:8g6t0F4NvE79tc0QIBl8j2fUi/QsGG+pWIGE15L0qqdhF:8vycA9NBl8SfmsR6KqQF

Score

7^/10

adware discovery persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

3fbbc4076a45bfbe08334c587cc5a190_JaffaCakes118.exe

Resource

win7-20240729-en

adware discovery persistence privilege_escalation stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3fbbc4076a45bfbe08334c587cc5a190_JaffaCakes118.exe

Resource

win10v2004-20241007-en

adware discovery persistence privilege_escalation stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3fbbc4076a45bfbe08334c587cc5a190_JaffaCakes118
- Size
  
  3.1MB
- MD5
  
  3fbbc4076a45bfbe08334c587cc5a190
- SHA1
  
  1855d84f967d46fe79877a59040eede7083fc0aa
- SHA256
  
  9dd0c3e5e7eda5f6c5caf3128fbc5b5e9c24a8de165e526b2618b4fbd5461bc8
- SHA512
  
  48f7f14de94ad99be65997066faa67d48d20c41a6b620e7311a513e116d91ee2e5da38a174237cd234bbc1eed1d457683ef9c94fb931fe2150826bfa6cccc2af
- SSDEEP
  
  98304:8g6t0F4NvE79tc0QIBl8j2fUi/QsGG+pWIGE15L0qqdhF:8vycA9NBl8SfmsR6KqQF
Score

7^/10

adware discovery persistence privilege_escalation stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationstealer

behavioral2

adwarediscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy