9adf48f0ceccabd6e38b33006f22f14e405355b11f44fb38654f290ce42edfb3 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

fdd028ce32...18.exe

windows7-x64

7

fdd028ce32...18.exe

windows10-2004-x64

7

Sharing

General

Target

fdd028ce322aa93545555e99667325d4_JaffaCakes118
Size

202KB
Sample

240420-2kwd2sbg74
MD5

fdd028ce322aa93545555e99667325d4
SHA1

41c73576f1c806121faeb5bc3d5d89cbfff8265c
SHA256

9adf48f0ceccabd6e38b33006f22f14e405355b11f44fb38654f290ce42edfb3
SHA512

d61fbe19e7648aa9a1ecf095b7f5578fd5b06a5727f8b3a9cbd1f44ecde85e2ef28332191d62ee9f1b726531b8d673219d0ed494ec0442e38b5d8054b85116d7
SSDEEP

6144:h5YB4ruXIiAAttZvd3DCza1mgGeYJnZwA:h5Q4r6eAtt5dz71XYMA

Score

7^/10

bootkit persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fdd028ce322aa93545555e99667325d4_JaffaCakes118.exe

Resource

win7-20240221-en

bootkit persistence upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

fdd028ce322aa93545555e99667325d4_JaffaCakes118.exe

Resource

win10v2004-20240226-en

bootkit persistence upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  fdd028ce322aa93545555e99667325d4_JaffaCakes118
- Size
  
  202KB
- MD5
  
  fdd028ce322aa93545555e99667325d4
- SHA1
  
  41c73576f1c806121faeb5bc3d5d89cbfff8265c
- SHA256
  
  9adf48f0ceccabd6e38b33006f22f14e405355b11f44fb38654f290ce42edfb3
- SHA512
  
  d61fbe19e7648aa9a1ecf095b7f5578fd5b06a5727f8b3a9cbd1f44ecde85e2ef28332191d62ee9f1b726531b8d673219d0ed494ec0442e38b5d8054b85116d7
- SSDEEP
  
  6144:h5YB4ruXIiAAttZvd3DCza1mgGeYJnZwA:h5Q4r6eAtt5dz71XYMA
Score

7^/10

bootkit persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy