Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8c3a1db3b96205665a9a1ec894058d81_JaffaCakes118
-
Size
453KB
-
Sample
240601-3xqvrsbd5z
-
MD5
8c3a1db3b96205665a9a1ec894058d81
-
SHA1
9fd6b8871b0a0b45e0352670098d7211fee63208
-
SHA256
81dbbf64274c599feeef01b80d1d56d126cb607dfb54e8b65a5d7b35878b8842
-
SHA512
62b20bbee62c56bf648a9be3c2e770bf8ddeab209f73a3d3b7f6bca99b0ffcf4c4042bf002c7dcaab79a0d4bfdcae54f3c7f341f1c5e639772ca9fbd6931390e
-
SSDEEP
12288:fp7kwCTvbdS3+Slzdwn0Q/7MR9tP5huP+dCzPpG:VkwgU3+SVdwS/5h1CzPpG
Static task
static1
Behavioral task
behavioral1
Sample
8c3a1db3b96205665a9a1ec894058d81_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
8c3a1db3b96205665a9a1ec894058d81_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
8c3a1db3b96205665a9a1ec894058d81_JaffaCakes118
-
Size
453KB
-
MD5
8c3a1db3b96205665a9a1ec894058d81
-
SHA1
9fd6b8871b0a0b45e0352670098d7211fee63208
-
SHA256
81dbbf64274c599feeef01b80d1d56d126cb607dfb54e8b65a5d7b35878b8842
-
SHA512
62b20bbee62c56bf648a9be3c2e770bf8ddeab209f73a3d3b7f6bca99b0ffcf4c4042bf002c7dcaab79a0d4bfdcae54f3c7f341f1c5e639772ca9fbd6931390e
-
SSDEEP
12288:fp7kwCTvbdS3+Slzdwn0Q/7MR9tP5huP+dCzPpG:VkwgU3+SVdwS/5h1CzPpG
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-