Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e61a760972d6ad592d2fdcec6c231282_JaffaCakes118
-
Size
300KB
-
Sample
240407-3ds6sahf5s
-
MD5
e61a760972d6ad592d2fdcec6c231282
-
SHA1
172c5c66dddf7753a0e6916713b93a58ad42e3c0
-
SHA256
bcfd9543c4086557265e6300ab399adf83ca638de210ec2ee11d5a50e8ae93f2
-
SHA512
77549be7bda37b88de41b63544bce109e3ab94566445e8bb2cbf6d1bd7c004cd612b8ab97ec1e5cc15fbacc87fd14ccfb79d36b809262e059540b2816208eb8c
-
SSDEEP
3072:Q18SouhTTtfiCXl+0LbLuO5aYd/5q6rsg2ZaZ/VuXQMul6mdoCom9QEst3FmcSDQ:G8Yd4iaYd/5EkhTlBy3Fmco
Static task
static1
Behavioral task
behavioral1
Sample
e61a760972d6ad592d2fdcec6c231282_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e61a760972d6ad592d2fdcec6c231282_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
e61a760972d6ad592d2fdcec6c231282_JaffaCakes118
-
Size
300KB
-
MD5
e61a760972d6ad592d2fdcec6c231282
-
SHA1
172c5c66dddf7753a0e6916713b93a58ad42e3c0
-
SHA256
bcfd9543c4086557265e6300ab399adf83ca638de210ec2ee11d5a50e8ae93f2
-
SHA512
77549be7bda37b88de41b63544bce109e3ab94566445e8bb2cbf6d1bd7c004cd612b8ab97ec1e5cc15fbacc87fd14ccfb79d36b809262e059540b2816208eb8c
-
SSDEEP
3072:Q18SouhTTtfiCXl+0LbLuO5aYd/5q6rsg2ZaZ/VuXQMul6mdoCom9QEst3FmcSDQ:G8Yd4iaYd/5EkhTlBy3Fmco
Score10/10-
Modifies firewall policy service
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1