General
- Target: 162c4353341d051b56846e3ba5bfe3f7_JaffaCakes118
- Size: 140KB
- Sample: 240627-qrxpxatdla
- MD5: 162c4353341d051b56846e3ba5bfe3f7
- SHA1: cc954332519cdf44aa3d0f41713099d9c875e7d6
- SHA256: 34afc45610acd3da38d3e0dce2188c4e497e022c4a9c682835e1d0dad8db3377
- SHA512: 3e542b971cfb84465e70ae13c0ba93e8582aaab429982ff6eed106e5801ba2e563fd8c107baa9081adc602b120ed7362dc9cd3f5c58bbf22b36a05bb9e636832
- SSDEEP: 1536:YPqQV/AQGO9pfU+TGTrhfMgVatRsa6FFjbsg0vea52eGs7Wcp0yJGmhZoJb1i+:bPYp5TGvlM9D0+7ea5FoyJxoXi+
Static task
- static1
Behavioral tasks
- behavioral1: Sample 162c4353341d051b56846e3ba5bfe3f7_JaffaCakes118.exe, Resource win7-20240508-en
- behavioral2: Sample 162c4353341d051b56846e3ba5bfe3f7_JaffaCakes118.exe, Resource win10v2004-20240508-en
Malware Config
Targets
- Target: 162c4353341d051b56846e3ba5bfe3f7_JaffaCakes118
- Score: 10/10
Signatures
- Modifies security service
- Modifies visibility of hidden/system files in Explorer
- Event Triggered Execution: Image File Execution Options Injection
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Image File Execution Options Injection (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Image File Execution Options Injection (1)
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (3)