General
- Target: 05fd888e39d0cdc009b0c840b283acee_JaffaCakes118
- Size: 25.5MB
- Sample: 240428-y27a4agb52
- MD5: 05fd888e39d0cdc009b0c840b283acee
- SHA1: 54eefe33591d1bb3721243f823663938c44099a4
- SHA256: f438ebf0fd8dfd5b33f78259c1ef056e59e2ff8e114b9d2c0b74af77b0d1fc8b
- SHA512: 2e09c8b917c1c9b0eb5e8a8d69425c8e9a6625e2b3be2b31efcc5895e7df5bda6733876cc8aed309e21b56e87455d180f3e48f2dbe7f1affb3a06f06e7c4971a
- SSDEEP: 196608:Ta9+6Y7SOEibgR2xinfW/JLGMcblLhe3Aa9+6Y7SOEibgR2xinfW/JLGMcblLheH:TFgRAifW/VdrAFgRAifW/Vdr3
Behavioral task: behavioral1
- Sample: 05fd888e39d0cdc009b0c840b283acee_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 05fd888e39d0cdc009b0c840b283acee_JaffaCakes118 (size and hashes as listed under General above)
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)