General
-
Target
f78ce516718cb7fc9ffa1c04dbea3595_JaffaCakes118
-
Size
6.1MB
-
Sample
240418-jfyphagc9v
-
MD5
f78ce516718cb7fc9ffa1c04dbea3595
-
SHA1
cf90acdc6c34e3576d1c29bee1d83c2862a756fd
-
SHA256
6ccbedb7e89b7077f1b26ef73f26d364e788d06fc8410a24a4ade46a8c76683a
-
SHA512
01c57526f4fd5c9bdbb4fe7bcd3cc7d973ef89747510c8400881dd1021d20a1b33845f4076f574e7a9dc3d932bcd77e73921594e1eeed6d13146f26b4debb267
-
SSDEEP
196608:ON8jjoG1vhhff4xuvVf5lNTvN41xKkFi1zw9x7:ON8dnAuv9NaLKk0Nwz7
Static task
static1
Behavioral task
behavioral1
Sample
f78ce516718cb7fc9ffa1c04dbea3595_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f78ce516718cb7fc9ffa1c04dbea3595_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f78ce516718cb7fc9ffa1c04dbea3595_JaffaCakes118
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-