Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
00d55a0adfb2ee1394ddb368be5c7d24_JaffaCakes118
-
Size
568KB
-
Sample
240619-169ccsydrn
-
MD5
00d55a0adfb2ee1394ddb368be5c7d24
-
SHA1
42c1ae2858be19c3aaf58f1a5ceff090f092570c
-
SHA256
aab8eaff9af3ac90b28e4e613db329fb6817918ea046c3fe44349ef5a86d4296
-
SHA512
a11c51b17d0a6cad3974dd6f579b40700b2ace608c02cd7d35ab6509be5157ef00ccf46cf623291e93d40b2f91f7761eb79bd6cd8b234fa6da232e0e649badad
-
SSDEEP
6144:SEkNbZcQblOeRpBJ+CGGDKLe8Wiyq+MsbzWqqKUzq7Cm6oB3U6Mcd7yg2FQ6F:SEkNbZHbbz4kKdsbzWqVUzCgQdB2Sq
Malware Config
Targets
-
-
Target
00d55a0adfb2ee1394ddb368be5c7d24_JaffaCakes118
-
Size
568KB
-
MD5
00d55a0adfb2ee1394ddb368be5c7d24
-
SHA1
42c1ae2858be19c3aaf58f1a5ceff090f092570c
-
SHA256
aab8eaff9af3ac90b28e4e613db329fb6817918ea046c3fe44349ef5a86d4296
-
SHA512
a11c51b17d0a6cad3974dd6f579b40700b2ace608c02cd7d35ab6509be5157ef00ccf46cf623291e93d40b2f91f7761eb79bd6cd8b234fa6da232e0e649badad
-
SSDEEP
6144:SEkNbZcQblOeRpBJ+CGGDKLe8Wiyq+MsbzWqqKUzq7Cm6oB3U6Mcd7yg2FQ6F:SEkNbZHbbz4kKdsbzWqVUzCgQdB2Sq
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1