Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9e89ec8a6d7a50e4f9a68a7ed90f0eea_JaffaCakes118
-
Size
3.3MB
-
Sample
240611-r1syra1dkj
-
MD5
9e89ec8a6d7a50e4f9a68a7ed90f0eea
-
SHA1
286fafe21eb3232d42ac63f4220dbc1c281944c2
-
SHA256
978cd9073207975e6dd535e34b59014de4eb4db0d54fd67d2d8a355e5df7458b
-
SHA512
67f782c6b7c946d5dfcfb06dc1bd262d4f491aa092b2d0fabeda2dadebbbf96b22e7152ad93242943d27ec79ca5cd62ddb21a18f926a6d7b419704641c5c5b3b
-
SSDEEP
98304:xQMV6QGLZdQfePhCko9qE4S473zOEcEe0e:xZ4QGF4Bz473y
Behavioral task
behavioral1
Sample
9e89ec8a6d7a50e4f9a68a7ed90f0eea_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Targets
-
-
Target
9e89ec8a6d7a50e4f9a68a7ed90f0eea_JaffaCakes118
-
Size
3.3MB
-
MD5
9e89ec8a6d7a50e4f9a68a7ed90f0eea
-
SHA1
286fafe21eb3232d42ac63f4220dbc1c281944c2
-
SHA256
978cd9073207975e6dd535e34b59014de4eb4db0d54fd67d2d8a355e5df7458b
-
SHA512
67f782c6b7c946d5dfcfb06dc1bd262d4f491aa092b2d0fabeda2dadebbbf96b22e7152ad93242943d27ec79ca5cd62ddb21a18f926a6d7b419704641c5c5b3b
-
SSDEEP
98304:xQMV6QGLZdQfePhCko9qE4S473zOEcEe0e:xZ4QGF4Bz473y
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Virtualization/Sandbox Evasion
1