9547a88a449770505f65b56a176b96c0218c1d1e711f48dc204b477b63fc7930 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

bc0c427f5a...18.exe

windows7-x64

7

bc0c427f5a...18.exe

windows10-2004-x64

7

Sharing

General

Target

bc0c427f5a05f9378872dc17a720d90b_JaffaCakes118
Size

544KB
Sample

240823-rf14ma1cqq
MD5

bc0c427f5a05f9378872dc17a720d90b
SHA1

1311b6e7b168680adf42184e4a8c8ada698ec852
SHA256

9547a88a449770505f65b56a176b96c0218c1d1e711f48dc204b477b63fc7930
SHA512

5f09e5212386a0a0537102b3d13af85f0cb9ee8004ffcc037b95b3460aaff0d13a06aaf905ca920fc1db68f961510fe988e027f440f653fea5b2e1db16e7f168
SSDEEP

12288:+NKAOkuBgts1nqPf51kMRXfq5ikUZcS9+xA:14s1nqzy53UZc7

Score

7^/10

bootkit discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bc0c427f5a05f9378872dc17a720d90b_JaffaCakes118.exe

Resource

win7-20240704-en

bootkit discovery persistence upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc0c427f5a05f9378872dc17a720d90b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

bootkit discovery persistence upx

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc0c427f5a05f9378872dc17a720d90b_JaffaCakes118
- Size
  
  544KB
- MD5
  
  bc0c427f5a05f9378872dc17a720d90b
- SHA1
  
  1311b6e7b168680adf42184e4a8c8ada698ec852
- SHA256
  
  9547a88a449770505f65b56a176b96c0218c1d1e711f48dc204b477b63fc7930
- SHA512
  
  5f09e5212386a0a0537102b3d13af85f0cb9ee8004ffcc037b95b3460aaff0d13a06aaf905ca920fc1db68f961510fe988e027f440f653fea5b2e1db16e7f168
- SSDEEP
  
  12288:+NKAOkuBgts1nqPf51kMRXfq5ikUZcS9+xA:14s1nqzy53UZc7
Score

7^/10

bootkit discovery persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

bootkitdiscoverypersistenceupx

© 2018-2025

Terms | Privacy