General
Target: 074ded651094fe1545d996add8e3df36_JaffaCakes118
Size: 256KB
Sample: 240620-sx3jfsvcmb
MD5: 074ded651094fe1545d996add8e3df36
SHA1: 9960378b363b6ff89d40a790e9cfe3f59c4004f8
SHA256: eda59f4181b638df6cc16b7267535e70a54699c3a53101d07c0287662f83d546
SHA512: 13e15ee436e21ba7f5b4d3d90ce8f326d0926004d6f9e49ce827aae939a1e3c335a67709b6ca0b3a741268f935a7a36d52271077755022f3346972824f6ed56e
SSDEEP: 3072:Xo8L5tpV+CSA1AAPoCpxW5ATBfUNjpS1svkTVC9FieYTTLprx/m3qT4S826guKqr:ptpvoCpcNQ1jQdi
Static task: static1
Behavioral task: behavioral1
  Sample: 074ded651094fe1545d996add8e3df36_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 074ded651094fe1545d996add8e3df36_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 074ded651094fe1545d996add8e3df36_JaffaCakes118 (256KB; hashes as listed under General)
Score: 8/10
- Adds policy Run key to start application
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Drops autorun.inf file (malware can abuse Windows Autorun to spread further via attached volumes)
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 2
- Event Triggered Execution: 2
  - Change Default File Association: 1
  - Image File Execution Options Injection: 1