Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e585d6a51805cc6107530084dabd8c27_JaffaCakes118
-
Size
4.6MB
-
Sample
240407-wj98xsaf92
-
MD5
e585d6a51805cc6107530084dabd8c27
-
SHA1
4d4160462ea80e7ba35f4128864f46f2feb7979f
-
SHA256
bf7c8a09e4cba16df6245e51e029e0a8a11849702f4eb5f7d80fb3c8ebccef36
-
SHA512
47537b30dcf4dafa99e6f76dc8439f65f1eddc00156aecccc873b42f0f3f0a1c8db6f99b66b6a86b94abac15ea68b5a7e9ed34c83f53a4d3b5b3a61b6eb5671a
-
SSDEEP
98304:3ZLp3wC7efv4r8NZHvdD6f697uVybQkio7IbdOgErPIDguDO3tV:3P3wC7eH4r8NZPh6i9iOkRErID9K3tV
Static task
static1
Behavioral task
behavioral1
Sample
e585d6a51805cc6107530084dabd8c27_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e585d6a51805cc6107530084dabd8c27_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
e585d6a51805cc6107530084dabd8c27_JaffaCakes118
-
Size
4.6MB
-
MD5
e585d6a51805cc6107530084dabd8c27
-
SHA1
4d4160462ea80e7ba35f4128864f46f2feb7979f
-
SHA256
bf7c8a09e4cba16df6245e51e029e0a8a11849702f4eb5f7d80fb3c8ebccef36
-
SHA512
47537b30dcf4dafa99e6f76dc8439f65f1eddc00156aecccc873b42f0f3f0a1c8db6f99b66b6a86b94abac15ea68b5a7e9ed34c83f53a4d3b5b3a61b6eb5671a
-
SSDEEP
98304:3ZLp3wC7efv4r8NZHvdD6f697uVybQkio7IbdOgErPIDguDO3tV:3P3wC7eH4r8NZPh6i9iOkRErID9K3tV
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-