7f6e16efa5bcce2495d8db56c99c5a80156026e57fdd92ef553d56119032dbae | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

JaffaCakes...28.exe

windows7-x64

6

JaffaCakes...28.exe

windows10-2004-x64

8

Sharing

General

Target

JaffaCakes118_c2642f73ff0d12aa1b151c9df7cbf028
Size

241KB
Sample

250208-m78wbssngj
MD5

c2642f73ff0d12aa1b151c9df7cbf028
SHA1

950cdc0853683732fbe02c2997d9d8af2af9003b
SHA256

7f6e16efa5bcce2495d8db56c99c5a80156026e57fdd92ef553d56119032dbae
SHA512

b2d2fb279c14507acdd287e58544bd07f7ebca9d88f6412ad1d6e760663d9bcbac560d203a275c1a9b4c9033dd44def0264734c846b26bee88a3013fe09c762f
SSDEEP

6144:KaLGohbTxpsk9vfX64tY8+jRR342MDr7JkioV:7bTxaQfX6sY/4XD363V

Score

8^/10

bootkit discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_c2642f73ff0d12aa1b151c9df7cbf028.exe

Resource

win7-20240729-en

bootkit discovery persistence upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_c2642f73ff0d12aa1b151c9df7cbf028.exe

Resource

win10v2004-20250207-en

bootkit discovery persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_c2642f73ff0d12aa1b151c9df7cbf028
- Size
  
  241KB
- MD5
  
  c2642f73ff0d12aa1b151c9df7cbf028
- SHA1
  
  950cdc0853683732fbe02c2997d9d8af2af9003b
- SHA256
  
  7f6e16efa5bcce2495d8db56c99c5a80156026e57fdd92ef553d56119032dbae
- SHA512
  
  b2d2fb279c14507acdd287e58544bd07f7ebca9d88f6412ad1d6e760663d9bcbac560d203a275c1a9b4c9033dd44def0264734c846b26bee88a3013fe09c762f
- SSDEEP
  
  6144:KaLGohbTxpsk9vfX64tY8+jRR342MDr7JkioV:7bTxaQfX6sY/4XD363V
Score

8^/10

bootkit discovery persistence upx
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

bootkitdiscoverypersistenceupx

© 2018-2025

Terms | Privacy