Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f18064fbd77645586cc39047a7485238_JaffaCakes118
-
Size
3.6MB
-
Sample
240415-t4abxsdc5x
-
MD5
f18064fbd77645586cc39047a7485238
-
SHA1
b9ac9a905bb92a0137f7c39303fc715a675c09a9
-
SHA256
257f2818157f8d0deb0bec5b86fa3d21b6b68ae456669bcfd68ac52e0dbc32ff
-
SHA512
6dc479aba12e387992ba2680799baea36d1195c097e3c94237e973227a8464c1cfce22c9487e276fe5ec83e68ff48e4412f07014b15d4d9656cad2db7cd15a1e
-
SSDEEP
49152:SEjtrqyB6CZCPya8Pbnyln44yWfqcvgQJmdCZM8eUlF6JJpNbH:SEprnICsPB8PbnGn9tqcvRtW8vGjbH
Static task
static1
Behavioral task
behavioral1
Sample
f18064fbd77645586cc39047a7485238_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f18064fbd77645586cc39047a7485238_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f18064fbd77645586cc39047a7485238_JaffaCakes118
-
Size
3.6MB
-
MD5
f18064fbd77645586cc39047a7485238
-
SHA1
b9ac9a905bb92a0137f7c39303fc715a675c09a9
-
SHA256
257f2818157f8d0deb0bec5b86fa3d21b6b68ae456669bcfd68ac52e0dbc32ff
-
SHA512
6dc479aba12e387992ba2680799baea36d1195c097e3c94237e973227a8464c1cfce22c9487e276fe5ec83e68ff48e4412f07014b15d4d9656cad2db7cd15a1e
-
SSDEEP
49152:SEjtrqyB6CZCPya8Pbnyln44yWfqcvgQJmdCZM8eUlF6JJpNbH:SEprnICsPB8PbnGn9tqcvRtW8vGjbH
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1