33301f16e2df55c02af5dd56d84d9c7f35275fba7578e004c80b8e6f57411509 | Triage

Submit
Reports

Overview

overview

8

Static

static

5

426b9af6e4...18.exe

windows7-x64

8

426b9af6e4...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

426b9af6e447c3e7a45ebe09ad927fd3_JaffaCakes118
Size

123KB
Sample

241014-p1dsqawcrc
MD5

426b9af6e447c3e7a45ebe09ad927fd3
SHA1

c35699d3ef6a634189c226a464e2ea8fac2f4abb
SHA256

33301f16e2df55c02af5dd56d84d9c7f35275fba7578e004c80b8e6f57411509
SHA512

79ab1121c7018e467bd2556038517c6e5159319725e5953c8aef14dd7df9a30f23113e63be4ce26a37bc989e00f079a861b6ea0f57a1f6d82e040567f978a3f1
SSDEEP

3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLL7Nr7:OVYrJrOSsRwcpL7

Score

8^/10

discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

426b9af6e447c3e7a45ebe09ad927fd3_JaffaCakes118.exe

Resource

win7-20240708-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

426b9af6e447c3e7a45ebe09ad927fd3_JaffaCakes118.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  426b9af6e447c3e7a45ebe09ad927fd3_JaffaCakes118
- Size
  
  123KB
- MD5
  
  426b9af6e447c3e7a45ebe09ad927fd3
- SHA1
  
  c35699d3ef6a634189c226a464e2ea8fac2f4abb
- SHA256
  
  33301f16e2df55c02af5dd56d84d9c7f35275fba7578e004c80b8e6f57411509
- SHA512
  
  79ab1121c7018e467bd2556038517c6e5159319725e5953c8aef14dd7df9a30f23113e63be4ce26a37bc989e00f079a861b6ea0f57a1f6d82e040567f978a3f1
- SSDEEP
  
  3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLL7Nr7:OVYrJrOSsRwcpL7
Score

8^/10

discovery upx
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy