General
Target: e2bf885cd9c2597129bb4a315ce96e32_JaffaCakes118
Size: 2.6MB
Sample: 240406-rwc2qscd7v
MD5: e2bf885cd9c2597129bb4a315ce96e32
SHA1: cee23f86e0757453609fcfd856362fc9b24cf1ae
SHA256: 9cae380e7bf8afc6b6e440c7613a0d92c6e4e7963271e3f911b7a9d980154f33
SHA512: 93df8741813fad3780eda52915d6e4216c7c5a8c1791b9e411ec649ceb3c73fbbc57fecec06f7b01e13dbf707e077b20d8e85f0c9fe81daa425ac45deb01b469
SSDEEP: 49152:7zjzj/rUtkdX7jlsKPj1NcC/IciG6INmjSaFfTLYA4pZi:7zTrFdLjls01NcCAciG2XTLYA4pc
Static task: static1
Behavioral task: behavioral1
Sample: e2bf885cd9c2597129bb4a315ce96e32_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e2bf885cd9c2597129bb4a315ce96e32_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
http://soft-store-inc.com/soft-usage/favicon.ico?0=1200&1=KXIPPCKF&2=i-s&3=72&4=7601&5=6&6=1&7=99600&8=1033
Extracted
http://soft-store-inc.com/soft-usage/favicon.ico?0=1200&1=SLVJLBBW&2=i-s&3=72&4=9200&5=6&6=2&7=919041&8=1033
Targets
Target: e2bf885cd9c2597129bb4a315ce96e32_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Sets file execution options in registry
Stops running service(s)
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Create or Modify System Process: 1
Windows Service: 1