40b868f699c522fd8542ccf1a2f52d99801c0928dc2dab6bdaa153e1883d6859 | Triage

Submit
Reports

Overview

overview

Static

static

3

1a373251ae...18.exe

windows7-x64

1a373251ae...18.exe

windows10-2004-x64

Sharing

General

Target

1a373251aee83c1d463d78a008f0ea0d_JaffaCakes118
Size

228KB
Sample

240628-p9gkza1ard
MD5

1a373251aee83c1d463d78a008f0ea0d
SHA1

022b8b0e1ffce77745b6135c8e73c655184a3c51
SHA256

40b868f699c522fd8542ccf1a2f52d99801c0928dc2dab6bdaa153e1883d6859
SHA512

99749d22aead59ce4b4cd6d62dcb016fd3fa90417385f8fc1230d30b0e95ca930d349b76e99ce3a891f6c6ee0f39db540d12d664bd8ab986656b435cd5972656
SSDEEP

768:JWO+aqbbfbYpgNFmqchFsTR4KydW/s9dXziRSLbry75rVilqwMUTLIlnS70XIL70:ArsMUFrDY/cNeRSLy75r8AZUTLIl9f

Score

10^/10

adware evasion persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a373251aee83c1d463d78a008f0ea0d_JaffaCakes118.exe

Resource

win7-20240221-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a373251aee83c1d463d78a008f0ea0d_JaffaCakes118.exe

Resource

win10v2004-20240611-en

adware evasion persistence stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a373251aee83c1d463d78a008f0ea0d_JaffaCakes118
- Size
  
  228KB
- MD5
  
  1a373251aee83c1d463d78a008f0ea0d
- SHA1
  
  022b8b0e1ffce77745b6135c8e73c655184a3c51
- SHA256
  
  40b868f699c522fd8542ccf1a2f52d99801c0928dc2dab6bdaa153e1883d6859
- SHA512
  
  99749d22aead59ce4b4cd6d62dcb016fd3fa90417385f8fc1230d30b0e95ca930d349b76e99ce3a891f6c6ee0f39db540d12d664bd8ab986656b435cd5972656
- SSDEEP
  
  768:JWO+aqbbfbYpgNFmqchFsTR4KydW/s9dXziRSLbry75rVilqwMUTLIlnS70XIL70:ArsMUFrDY/cNeRSLy75r8AZUTLIl9f
Score

10^/10

evasion persistence upx adware stealer
- Modifies visibility of file extensions in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

adwareevasionpersistencestealerupx

© 2018-2024

Terms | Privacy