841528d075b359f05c0c91d03d964cea9931389eaf89c055e31137c2cff81f05 | Triage

Submit
Reports

Overview

overview

7

Static

static

5

JaffaCakes...30.exe

windows7-x64

7

JaffaCakes...30.exe

windows10-2004-x64

7

Sharing

General

Target

JaffaCakes118_98e3c49a7e09b470b6da361dcc7a5330
Size

29KB
Sample

250330-tlgy2svj14
MD5

98e3c49a7e09b470b6da361dcc7a5330
SHA1

846e7587d8e24bfaa22f4433ccc0b6619c4d9118
SHA256

841528d075b359f05c0c91d03d964cea9931389eaf89c055e31137c2cff81f05
SHA512

63e43ff2437e84ec5488abc2924ce2251c722ede62f53407d315953706b12e0ac4a3495ac5d09905ffc86891c4b5c7bddd3e29e6b125de02c075d815f720c3e8
SSDEEP

384:MCF3rgLolfJGT+zpgkGrLjSwZ9KsKPdVAEh2XqYYEOWAGJplLmIEYP5YdY8TkCUS:XF3rgIReQGWOuL2eyAKbm1ov8g0N

Score

7^/10

defense_evasion discovery upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_98e3c49a7e09b470b6da361dcc7a5330.exe

Resource

win7-20240903-en

defense_evasion discovery upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_98e3c49a7e09b470b6da361dcc7a5330.exe

Resource

win10v2004-20250314-en

defense_evasion discovery upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_98e3c49a7e09b470b6da361dcc7a5330
- Size
  
  29KB
- MD5
  
  98e3c49a7e09b470b6da361dcc7a5330
- SHA1
  
  846e7587d8e24bfaa22f4433ccc0b6619c4d9118
- SHA256
  
  841528d075b359f05c0c91d03d964cea9931389eaf89c055e31137c2cff81f05
- SHA512
  
  63e43ff2437e84ec5488abc2924ce2251c722ede62f53407d315953706b12e0ac4a3495ac5d09905ffc86891c4b5c7bddd3e29e6b125de02c075d815f720c3e8
- SSDEEP
  
  384:MCF3rgLolfJGT+zpgkGrLjSwZ9KsKPdVAEh2XqYYEOWAGJplLmIEYP5YdY8TkCUS:XF3rgIReQGWOuL2eyAKbm1ov8g0N
Score

7^/10

defense_evasion discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryupx

behavioral2

defense_evasiondiscoveryupx

© 2018-2025

Terms | Privacy