General
Target: 02b7ff64c6ab85ea4fd39a8e082c282a_JaffaCakes118
Size: 14.2MB
Sample: 240427-h9l25aed8t
MD5: 02b7ff64c6ab85ea4fd39a8e082c282a
SHA1: d6a1a0e0cd651de2ec4b0ad0753513a30c37e358
SHA256: ece34d78b747a27cefa8fb81b4a68b29f341096e65c065d7af29d14f671f281c
SHA512: 7ba0878687286ad67cd6ffbc1bac77b7da16e1d804817429f6685d979a0d14dcffd21675134b99771bc7613b585db0ca1033c96faa26aafd3a4f062a16ea453c
SSDEEP: 196608:Ta9+6Y7SOEibgRNKube8Kvla9+6Y7SOEibgRNKube8Kv8:TFgRMFgRJ
Behavioral task: behavioral1
Sample: 02b7ff64c6ab85ea4fd39a8e082c282a_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Targets
Target: 02b7ff64c6ab85ea4fd39a8e082c282a_JaffaCakes118
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)