d5ca9236d8ff03fabf6e29183f2ded182dff76e504871bf5dfb4e19d2e0b7528 | Triage

Submit
Reports

Overview

overview

8

Static

static

5

a282c1f339...18.exe

windows7-x64

8

a282c1f339...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

a282c1f33946fdd8875c3cbbf1de0b5e_JaffaCakes118
Size

33KB
Sample

241126-r5rw9a1rgk
MD5

a282c1f33946fdd8875c3cbbf1de0b5e
SHA1

47b738619f2248cce293f8ec558c90eb1e4fc7fc
SHA256

d5ca9236d8ff03fabf6e29183f2ded182dff76e504871bf5dfb4e19d2e0b7528
SHA512

c2ed5c3da7523fab19b55be484e6b3e94aa582e440e47b826b5127929b7cf7093cf6a265f15a43bd3b7e16844b47c09c8f0a4b63e9e38139614d265f9a8dc2fe
SSDEEP

768:pcYipYqk40CvqfaKbxFAe+RKqfKIffjYq420sEHO:pViBkytG9+gqCPVO

Score

8^/10

defense_evasion discovery lateral_movement persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a282c1f33946fdd8875c3cbbf1de0b5e_JaffaCakes118.exe

Resource

win7-20241010-en

defense_evasion discovery persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a282c1f33946fdd8875c3cbbf1de0b5e_JaffaCakes118.exe

Resource

win10v2004-20241007-en

defense_evasion discovery lateral_movement upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a282c1f33946fdd8875c3cbbf1de0b5e_JaffaCakes118
- Size
  
  33KB
- MD5
  
  a282c1f33946fdd8875c3cbbf1de0b5e
- SHA1
  
  47b738619f2248cce293f8ec558c90eb1e4fc7fc
- SHA256
  
  d5ca9236d8ff03fabf6e29183f2ded182dff76e504871bf5dfb4e19d2e0b7528
- SHA512
  
  c2ed5c3da7523fab19b55be484e6b3e94aa582e440e47b826b5127929b7cf7093cf6a265f15a43bd3b7e16844b47c09c8f0a4b63e9e38139614d265f9a8dc2fe
- SSDEEP
  
  768:pcYipYqk40CvqfaKbxFAe+RKqfKIffjYq420sEHO:pViBkytG9+gqCPVO
Score

8^/10

defense_evasion discovery persistence upx lateral_movement
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Remote Services

SMB/Windows Admin Shares

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceupx

behavioral2

defense_evasiondiscoverylateral_movementupx

© 2018-2025

Terms | Privacy