e1a909f2a2495422b0aa7ab2e414f3820053538e962bb5d403debaa97756baca | Triage

Submit
Reports

Overview

overview

8

Static

static

5

9f0d893010...18.exe

windows7-x64

8

9f0d893010...18.exe

windows10-2004-x64

8

Sharing

General

Target

9f0d893010726164e0433e3621deb304_JaffaCakes118
Size

123KB
Sample

241126-bwhn8atlfq
MD5

9f0d893010726164e0433e3621deb304
SHA1

30db6fda7b73c7eacca7f2a29988d742d5f1d3aa
SHA256

e1a909f2a2495422b0aa7ab2e414f3820053538e962bb5d403debaa97756baca
SHA512

eb37387c4795de4e2302f2a8ee5cc179b9de66370da16aba5f9342b31462fb9b2f16912dfd565093527690feefeeae71d8f5147edc005795599271ed30a726f4
SSDEEP

3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLDOdz:OVYrJrOSsRwcpxSz

Score

8^/10

discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9f0d893010726164e0433e3621deb304_JaffaCakes118.exe

Resource

win7-20240903-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f0d893010726164e0433e3621deb304_JaffaCakes118.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f0d893010726164e0433e3621deb304_JaffaCakes118
- Size
  
  123KB
- MD5
  
  9f0d893010726164e0433e3621deb304
- SHA1
  
  30db6fda7b73c7eacca7f2a29988d742d5f1d3aa
- SHA256
  
  e1a909f2a2495422b0aa7ab2e414f3820053538e962bb5d403debaa97756baca
- SHA512
  
  eb37387c4795de4e2302f2a8ee5cc179b9de66370da16aba5f9342b31462fb9b2f16912dfd565093527690feefeeae71d8f5147edc005795599271ed30a726f4
- SSDEEP
  
  3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLDOdz:OVYrJrOSsRwcpxSz
Score

8^/10

discovery upx
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy