Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
036f0c57fb3a8a124ae0ed0777a27948_JaffaCakes118
-
Size
2.9MB
-
Sample
240620-gprlfaxbrn
-
MD5
036f0c57fb3a8a124ae0ed0777a27948
-
SHA1
af697c9fcc96e8154be0af48c2d1398339e15f62
-
SHA256
2e7a3ebabbb8cdd47998a9e97aa5b3e2448c2ac956a447af810e30262f0d4eab
-
SHA512
e433db1c886ae541d14421033d3b38b1867a509307dc33b005d1b571ba7423395d7c13a1ca129d951dd4c5727509755da12ecbb06ea8fc014635a7a25bffbed6
-
SSDEEP
49152:mdfY3+KXPYSNxGl/kUcWcxW0tUilfnzS5LeTtkfjkKhmQB8rY+o:ugvpNq/kUdcxW0ae/zs++jkymE83
Malware Config
Targets
-
-
Target
036f0c57fb3a8a124ae0ed0777a27948_JaffaCakes118
-
Size
2.9MB
-
MD5
036f0c57fb3a8a124ae0ed0777a27948
-
SHA1
af697c9fcc96e8154be0af48c2d1398339e15f62
-
SHA256
2e7a3ebabbb8cdd47998a9e97aa5b3e2448c2ac956a447af810e30262f0d4eab
-
SHA512
e433db1c886ae541d14421033d3b38b1867a509307dc33b005d1b571ba7423395d7c13a1ca129d951dd4c5727509755da12ecbb06ea8fc014635a7a25bffbed6
-
SSDEEP
49152:mdfY3+KXPYSNxGl/kUcWcxW0tUilfnzS5LeTtkfjkKhmQB8rY+o:ugvpNq/kUdcxW0ae/zs++jkymE83
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1