36e39a3a389091c65a617150c0b8f4cb959cfdb7b5cfabf9834561c10f5917d0 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

1aa61d844c...18.exe

windows7-x64

8

1aa61d844c...18.exe

windows10-2004-x64

8

Sharing

General

Target

1aa61d844c0ee119a4cf038a62ef79cc_JaffaCakes118
Size

28KB
Sample

240701-knb15svhkm
MD5

1aa61d844c0ee119a4cf038a62ef79cc
SHA1

f1419a22ec69a77d12b7c0c539e8766241035217
SHA256

36e39a3a389091c65a617150c0b8f4cb959cfdb7b5cfabf9834561c10f5917d0
SHA512

a1975e65f7acc3f7a7c73dd4fae94448715b7e7c07bca5da70f46b2f242df4e5e9ead065abce050da44885d02783fbbcff4032e3c0d22a78c6d8f793f44a9a04
SSDEEP

768:QeKLIHpK54oIKv/jl1yqbht5gtnbcuyD7U:7KfIKvrVL5gtnouy8

Score

8^/10

adware persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1aa61d844c0ee119a4cf038a62ef79cc_JaffaCakes118.exe

Resource

win7-20240611-en

adware persistence stealer upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1aa61d844c0ee119a4cf038a62ef79cc_JaffaCakes118.exe

Resource

win10v2004-20240508-en

adware persistence stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1aa61d844c0ee119a4cf038a62ef79cc_JaffaCakes118
- Size
  
  28KB
- MD5
  
  1aa61d844c0ee119a4cf038a62ef79cc
- SHA1
  
  f1419a22ec69a77d12b7c0c539e8766241035217
- SHA256
  
  36e39a3a389091c65a617150c0b8f4cb959cfdb7b5cfabf9834561c10f5917d0
- SHA512
  
  a1975e65f7acc3f7a7c73dd4fae94448715b7e7c07bca5da70f46b2f242df4e5e9ead065abce050da44885d02783fbbcff4032e3c0d22a78c6d8f793f44a9a04
- SSDEEP
  
  768:QeKLIHpK54oIKv/jl1yqbht5gtnbcuyD7U:7KfIKvrVL5gtnouy8
Score

8^/10

adware persistence stealer upx
- Adds policy Run key to start application
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy