cdefc85620cface07d3f894e8916cbb7b44b3aa259e557454534159818751bdb | Triage

Submit
Reports

Overview

overview

7

Static

static

1

4702833f9e...18.exe

windows7-x64

7

4702833f9e...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

4702833f9eb31ccb9c45706ff19fdca4_JaffaCakes118
Size

8.1MB
Sample

240515-twqc6shf47
MD5

4702833f9eb31ccb9c45706ff19fdca4
SHA1

49bbc3e4f2e951cbb022bda7d1eac79b3e9b4924
SHA256

cdefc85620cface07d3f894e8916cbb7b44b3aa259e557454534159818751bdb
SHA512

49b2ad984799229d16242042d59c94bab35a6950d7c843b3384afea621a2549887f6b0e2e1cd4d7d183e5877a8c79c5853181b0785b458e2d6a55ae033fff094
SSDEEP

196608:rOI1xpCO3BD/XNf53EFz89WY6+AjII2MRHP:aEkO3lXNxCY8n8PMBP

Score

7^/10

bootkit discovery persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

4702833f9eb31ccb9c45706ff19fdca4_JaffaCakes118.exe

Resource

win7-20240221-en

bootkit discovery persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4702833f9eb31ccb9c45706ff19fdca4_JaffaCakes118.exe

Resource

win10v2004-20240508-en

bootkit discovery persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4702833f9eb31ccb9c45706ff19fdca4_JaffaCakes118
- Size
  
  8.1MB
- MD5
  
  4702833f9eb31ccb9c45706ff19fdca4
- SHA1
  
  49bbc3e4f2e951cbb022bda7d1eac79b3e9b4924
- SHA256
  
  cdefc85620cface07d3f894e8916cbb7b44b3aa259e557454534159818751bdb
- SHA512
  
  49b2ad984799229d16242042d59c94bab35a6950d7c843b3384afea621a2549887f6b0e2e1cd4d7d183e5877a8c79c5853181b0785b458e2d6a55ae033fff094
- SSDEEP
  
  196608:rOI1xpCO3BD/XNf53EFz89WY6+AjII2MRHP:aEkO3lXNxCY8n8PMBP
Score

7^/10

bootkit discovery persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

bootkitdiscoverypersistenceupx

© 2018-2025

Terms | Privacy