56302b13ba25b27b2cc4e7f51ee00db478f814898a19355e1b79976e1387f322 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

ac95186825...18.exe

windows7-x64

8

ac95186825...18.exe

windows10-2004-x64

8

Sharing

General

Target

ac95186825b222457c085d32ca4cb4a0_JaffaCakes118
Size

2.6MB
Sample

240819-zyhzrszdkn
MD5

ac95186825b222457c085d32ca4cb4a0
SHA1

9f2ea2094d5c42102db88e78ec7a6521684e99ff
SHA256

56302b13ba25b27b2cc4e7f51ee00db478f814898a19355e1b79976e1387f322
SHA512

2e6852d766f3ca0541d79f237a6846ebdaa1b6d04674031dadc76746ddc66bd57e378faf047bbb95644e05f4b53512d85f89661181b72e8fb4fbbcf651545095
SSDEEP

49152:PaWDnkvA3cNuZtt1p7oeYlrEKgI8OkU/WXnyhJ1KXZ3pN+xM9FjDn4y+Cyz0:bXIujZLYOKw/3aJEpZ8xAZcCyz0

Score

8^/10

bootkit discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ac95186825b222457c085d32ca4cb4a0_JaffaCakes118.exe

Resource

win7-20240704-en

bootkit discovery persistence upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac95186825b222457c085d32ca4cb4a0_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ac95186825b222457c085d32ca4cb4a0_JaffaCakes118
- Size
  
  2.6MB
- MD5
  
  ac95186825b222457c085d32ca4cb4a0
- SHA1
  
  9f2ea2094d5c42102db88e78ec7a6521684e99ff
- SHA256
  
  56302b13ba25b27b2cc4e7f51ee00db478f814898a19355e1b79976e1387f322
- SHA512
  
  2e6852d766f3ca0541d79f237a6846ebdaa1b6d04674031dadc76746ddc66bd57e378faf047bbb95644e05f4b53512d85f89661181b72e8fb4fbbcf651545095
- SSDEEP
  
  49152:PaWDnkvA3cNuZtt1p7oeYlrEKgI8OkU/WXnyhJ1KXZ3pN+xM9FjDn4y+Cyz0:bXIujZLYOKw/3aJEpZ8xAZcCyz0
Score

8^/10

bootkit discovery persistence upx
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

© 2018-2025

Terms | Privacy