563cfe59e2d184267a940e1ea7dd84c7423b33d31da05dd0e93d50e098db34db | Triage

Submit
Reports

Overview

overview

8

Static

static

3

53ce3d6cd1...18.exe

windows7-x64

8

53ce3d6cd1...18.exe

windows10-2004-x64

8

Sharing

General

Target

53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118
Size

327KB
Sample

241017-z8572sxcng
MD5

53ce3d6cd13d8f20b5130dc471c1193a
SHA1

f9ee3dd8777c69f2da388deb9e595127bea56975
SHA256

563cfe59e2d184267a940e1ea7dd84c7423b33d31da05dd0e93d50e098db34db
SHA512

83a3ad6b3fc4f2376651759b4ddb76c68100f0845576dda00b157ea1c35d48417b1394593195d1b7d2c3583c9361445928d2249b20598761c072400e322b4b29
SSDEEP

6144:H6MPJyaUMTgAUZjwK4DVVnQnsJqfxbEh9O12I/HCT0H+hGcZhrHJLqW6ZWI:aMPJ9gAQcK4BVQvEh42I/tH+hX3rHFqn

Score

8^/10

discovery evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Resource

win7-20240903-en

discovery evasion upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery evasion upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118
- Size
  
  327KB
- MD5
  
  53ce3d6cd13d8f20b5130dc471c1193a
- SHA1
  
  f9ee3dd8777c69f2da388deb9e595127bea56975
- SHA256
  
  563cfe59e2d184267a940e1ea7dd84c7423b33d31da05dd0e93d50e098db34db
- SHA512
  
  83a3ad6b3fc4f2376651759b4ddb76c68100f0845576dda00b157ea1c35d48417b1394593195d1b7d2c3583c9361445928d2249b20598761c072400e322b4b29
- SSDEEP
  
  6144:H6MPJyaUMTgAUZjwK4DVVnQnsJqfxbEh9O12I/HCT0H+hGcZhrHJLqW6ZWI:aMPJ9gAQcK4BVQvEh42I/tH+hX3rHFqn
Score

8^/10

discovery evasion upx
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionupx

behavioral2

discoveryevasionupx

© 2018-2025

Terms | Privacy