General
-
Target
e584ca8bbf06cce4e40890f29478b8cf_JaffaCakes118
-
Size
181KB
-
Sample
240407-whncrsaf56
-
MD5
e584ca8bbf06cce4e40890f29478b8cf
-
SHA1
e359e6a1e36810fddd5f03b0af1a679079bab2d2
-
SHA256
55d8d110ea8199e5c63dff0e8a5c7379acfe3a6ea3ccdee399fddb391cb096e6
-
SHA512
4d2464cea9d46ac8b203553a61812d4082b448df06cdfc0d25b953ad461ed37520daecb66fcea756025482fb13b2b2e8af4b88f6d35e1888761b343e80848e0c
-
SSDEEP
3072:Nk5s+6CVd3Ou4+DrYW4c2invLztHAPUsQh95NR7zofdZxCqV/D0PKx3TAlQR:UWCVlDrYWiWnlUUsM99vsdDCMQCx3T6E
Static task
static1
Behavioral task
behavioral1
Sample
e584ca8bbf06cce4e40890f29478b8cf_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
e584ca8bbf06cce4e40890f29478b8cf_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
e584ca8bbf06cce4e40890f29478b8cf_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 3
Registry Run Keys / Startup Folder: 2
Winlogon Helper DLL: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 3
Registry Run Keys / Startup Folder: 2
Winlogon Helper DLL: 1
Create or Modify System Process: 1
Windows Service: 1