General
Target: 14882e222e00685cb3700a6bc1c6deeb_JaffaCakes118
Size: 24KB
Sample: 240627-d386vszgjh
MD5: 14882e222e00685cb3700a6bc1c6deeb
SHA1: 09eb0f3d4dc19c7a49548dbbeea711495f0fe422
SHA256: d5e8e64d63f6a3b11ae0ff742fe7682dd7a67e2e8d588cfd6b9e2db983cb6dfd
SHA512: 7864fe2a806f1e9fc2f9f30c067cc05b1c757a550b6061fdf9996c1ab8322fbdd301d8fdc6dbc850e04e884d93db90403f2879f7781cc1e71339a7bb956e253a
SSDEEP: 384:s/7e8zdTyBsyqAIZhg8wwgSQA/bIgRtEnSj67xkJ8Xp6dLMtXebNImv4+YXg1wmD:qWsyqAggjATbfdjIXp6xImv2swoz
Static task: static1
Behavioral task: behavioral1
  Sample: 14882e222e00685cb3700a6bc1c6deeb_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 14882e222e00685cb3700a6bc1c6deeb_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 14882e222e00685cb3700a6bc1c6deeb_JaffaCakes118
Score: 8/10
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Drops file in Drivers directory
Deletes itself
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Loads dropped DLL
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)