Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e35a93b5dd013a1ab14d662093d9362e_JaffaCakes118
-
Size
84KB
-
Sample
240406-1mnljscf35
-
MD5
e35a93b5dd013a1ab14d662093d9362e
-
SHA1
f939a31f8dd911660f58fff9e8302346327ea546
-
SHA256
d7718df53772cd0e36b389e5e75fc5ebe50035f649168b4adcffa021708f38cc
-
SHA512
1ce164971872605428c46727c2094b6d92d12306a31a2027aa542c400b2c68365e56b539ab2116ca89604f759c3b7be7a6b8efc72bb118576e74b31e412a9e84
-
SSDEEP
1536:uQN/CvWH9aCTj9f27liSWAYFzo9tg3oyIlIKTJXGN6Y+UBgfXVH0SnXxY5HZe:lN/CvWH9aIj9f2piSWdFEg3sjevC6SnN
Static task
static1
Behavioral task
behavioral1
Sample
e35a93b5dd013a1ab14d662093d9362e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e35a93b5dd013a1ab14d662093d9362e_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
e35a93b5dd013a1ab14d662093d9362e_JaffaCakes118
-
Size
84KB
-
MD5
e35a93b5dd013a1ab14d662093d9362e
-
SHA1
f939a31f8dd911660f58fff9e8302346327ea546
-
SHA256
d7718df53772cd0e36b389e5e75fc5ebe50035f649168b4adcffa021708f38cc
-
SHA512
1ce164971872605428c46727c2094b6d92d12306a31a2027aa542c400b2c68365e56b539ab2116ca89604f759c3b7be7a6b8efc72bb118576e74b31e412a9e84
-
SSDEEP
1536:uQN/CvWH9aCTj9f27liSWAYFzo9tg3oyIlIKTJXGN6Y+UBgfXVH0SnXxY5HZe:lN/CvWH9aIj9f2piSWdFEg3sjevC6SnN
Score10/10-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2