General
Target: f49e0b097d67c21a318db444aa8813e6_JaffaCakes118
Size: 632KB
Sample: 240417-aaz6psga98
MD5: f49e0b097d67c21a318db444aa8813e6
SHA1: 14e4369337857e19d9726b65041c574b7b2b3a66
SHA256: 75108791d60cf29751d836a614abd36bea9c23c66f080f41a434ada6be65196d
SHA512: 9335478e8661bcebfe0e4108d2527b358f7a4567937a016c91901ebff7ef0e55e21fa9ef04b619480f47c35f8dfb13cbd237e8108017d2f0b1c709ccf87236bb
SSDEEP: 6144:I2uNyWziInfDncpVARIVKgjYrZ/+edJXiRns9S3CBfC6MnLGbGPYCzVoLZ8FPrMW:cKpVIYjsmeR9YtHnabGdV6Zey
Static task: static1
Behavioral task: behavioral1
  Sample: f49e0b097d67c21a318db444aa8813e6_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f49e0b097d67c21a318db444aa8813e6_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: f49e0b097d67c21a318db444aa8813e6_JaffaCakes118
Score: 10/10
- Modifies firewall policy service
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)