General
- Target: 1517fdb0cbc6a2d264a0659e0a283080_JaffaCakes118
- Size: 1.5MB
- Sample: 240627-hxmg5a1all
- MD5: 1517fdb0cbc6a2d264a0659e0a283080
- SHA1: f7cd1090ed8574d40e2f19ad2792193b21009059
- SHA256: 5ad4da4195335beb9e819f015798330ee0a25a00c45e1bcebb704e3b71ed6c9f
- SHA512: 4dfc9b7c5739f8284e0d254fc5fa3a6a4ac920b669e7fdfd10ecb03da3850e2d7ef3cec5373172d54957c1d8cb50e04ad9d7dfbb3beb8baa51bae66a5bd66973
- SSDEEP: 49152:Ne4sKgJ+GnJ0i1asEDC0d/ftVpzmPGgqUkH0g:NerKgA2LOC+311H
Behavioral task: behavioral1
- Sample: 1517fdb0cbc6a2d264a0659e0a283080_JaffaCakes118.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 1517fdb0cbc6a2d264a0659e0a283080_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 1517fdb0cbc6a2d264a0659e0a283080_JaffaCakes118
- Size: 1.5MB
Score: 10/10
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies security service
- Nirsoft
- Adds policy Run key to start application
- Modifies Shared Task Scheduler registry keys
- Server Software Component: Terminal Services DLL
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Modifies system executable filetype association
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (5)
  - Registry Run Keys / Startup Folder (4)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)
- Server Software Component (1)
  - Terminal Services DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (5)
  - Registry Run Keys / Startup Folder (4)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)