General
Target: 12311cc235e275dcc60a730d871f58a0_JaffaCakes118
Size: 51KB
Sample: 240626-q3sv4axcpc
MD5: 12311cc235e275dcc60a730d871f58a0
SHA1: 72bd16b83752322a3065e6babe313b7a7a8936aa
SHA256: 08b29bebdc1352bb5c37382f3e32a712d12e217339417e99cd278606c2b06004
SHA512: b482b6116cb16999509678c36047b54c71b279f031cc2a098f6283833a825eec5d4f5588bbf7aa4fcf3d9a1bced88c5ea21fa3faa12625ad13ddb17d3a300fa7
SSDEEP: 768:PQ1nkeIu1kNVLQKn/HHbGFnJUV9bHZ4Q5y86jdXdWe/tC1rvUr+EEmRHBztZN9Mz:a31kNVLn/bGUV9dpXIdXMFMLRRXMz
Static task: static1
Behavioral task: behavioral1
  Sample: 12311cc235e275dcc60a730d871f58a0_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 12311cc235e275dcc60a730d871f58a0_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 12311cc235e275dcc60a730d871f58a0_JaffaCakes118
Score: 8/10
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Drops file in Drivers directory
Deletes itself
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)