dded610274cae6b30e5978520f8fd2a9a915e347bf7cd7dab37ff077049d2f5f | Triage

Submit
Reports

Overview

overview

8

Static

static

3

37eeefc678...18.exe

windows7-x64

8

37eeefc678...18.exe

windows10-2004-x64

8

Sharing

General

Target

37eeefc678cbdded1c7798d10c286f18_JaffaCakes118
Size

331KB
Sample

240711-gh7n3ssarn
MD5

37eeefc678cbdded1c7798d10c286f18
SHA1

dd8673023ae6855c7f7f09aef2b131ed1be685af
SHA256

dded610274cae6b30e5978520f8fd2a9a915e347bf7cd7dab37ff077049d2f5f
SHA512

21f6f17b551b1c2df3687e60906aaf75286900748d26bd5966f6d83273837305755cc7049b15d4207423b90bbb0afb892bd071d766261eb3cf77b18d7d837fe0
SSDEEP

6144:i1glyu6VrzBUNCK70gqMk+qJdh4HzyYtsFM24TyQOGoQbwyUx/F8pKMOO9io:i59BUNCK7l5qJIGYtsSvT0SuCtOS

Score

8^/10

bootkit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

37eeefc678cbdded1c7798d10c286f18_JaffaCakes118.exe

Resource

win7-20240708-en

bootkit persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

37eeefc678cbdded1c7798d10c286f18_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  37eeefc678cbdded1c7798d10c286f18_JaffaCakes118
- Size
  
  331KB
- MD5
  
  37eeefc678cbdded1c7798d10c286f18
- SHA1
  
  dd8673023ae6855c7f7f09aef2b131ed1be685af
- SHA256
  
  dded610274cae6b30e5978520f8fd2a9a915e347bf7cd7dab37ff077049d2f5f
- SHA512
  
  21f6f17b551b1c2df3687e60906aaf75286900748d26bd5966f6d83273837305755cc7049b15d4207423b90bbb0afb892bd071d766261eb3cf77b18d7d837fe0
- SSDEEP
  
  6144:i1glyu6VrzBUNCK70gqMk+qJdh4HzyYtsFM24TyQOGoQbwyUx/F8pKMOO9io:i59BUNCK7l5qJIGYtsSvT0SuCtOS
Score

8^/10

bootkit persistence upx
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

© 2018-2025

Terms | Privacy