6c2d2ead3d7604d3964bdfc82ec7a039a30bd0c859be9847c6507c9592ab471f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

561de96265...18.exe

windows7-x64

8

561de96265...18.exe

windows10-2004-x64

8

Sharing

General

Target

561de96265f50a07da38a45bf5cb6a75_JaffaCakes118
Size

151KB
Sample

241018-h2z9satfqf
MD5

561de96265f50a07da38a45bf5cb6a75
SHA1

953becd20c151f9a47b9a699bf69858b732c327e
SHA256

6c2d2ead3d7604d3964bdfc82ec7a039a30bd0c859be9847c6507c9592ab471f
SHA512

b6713cf7e5d0f9277b67fec9271b8a9cc1456272f6bef058783ea41d7fa6f86bd688cfd32a3933ed77abc71d3d03f90a6742a1536e06bf04e80de1c46541263e
SSDEEP

3072:nK62PXJLEGlSJH/BAA92VkMSNx3mUge+dhojTs:nKX/JLEGkJH/uNkMege+w3s

Score

8^/10

discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

561de96265f50a07da38a45bf5cb6a75_JaffaCakes118.exe

Resource

win7-20240903-en

discovery persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

561de96265f50a07da38a45bf5cb6a75_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  561de96265f50a07da38a45bf5cb6a75_JaffaCakes118
- Size
  
  151KB
- MD5
  
  561de96265f50a07da38a45bf5cb6a75
- SHA1
  
  953becd20c151f9a47b9a699bf69858b732c327e
- SHA256
  
  6c2d2ead3d7604d3964bdfc82ec7a039a30bd0c859be9847c6507c9592ab471f
- SHA512
  
  b6713cf7e5d0f9277b67fec9271b8a9cc1456272f6bef058783ea41d7fa6f86bd688cfd32a3933ed77abc71d3d03f90a6742a1536e06bf04e80de1c46541263e
- SSDEEP
  
  3072:nK62PXJLEGlSJH/BAA92VkMSNx3mUge+dhojTs:nKX/JLEGkJH/uNkMege+w3s
Score

8^/10

discovery persistence upx
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx

© 2018-2025

Terms | Privacy