General
-
Target
965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118
-
Size
206KB
-
Sample
240604-1jlb1sdb77
-
MD5
965abae8ef3e9859e0e473c5f3cffccf
-
SHA1
6fb809712f1aa97ad226186702c6cc9528144b44
-
SHA256
139ee6fc065e526efac3cf24d50d0d95c78e1a10ff2cf40839cd4756fff43e71
-
SHA512
3c040033cf886f1f272d2ba02c6bf2b1e294a8d7dd25286e201c43b4ac9ee7f3e78ee2e8c9c5a340c6a93711258936d23e0391aa62fb2536a58e973fb9e69262
-
SSDEEP
6144:q8+9tCJQBqCYaM+QcEdNc4fdem9UJNh+ytHFoSyG0:sf2aM+Qcn4V/8NhnpFoSyn
Behavioral task
behavioral1
Sample
965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
Target
965abae8ef3e9859e0e473c5f3cffccf_JaffaCakes118
Score 8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
- Browser Extensions (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
Defense Evasion
- Modify Registry (4)
- Subvert Trust Controls (1)
- Install Root Certificate (1)