Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1bf0bcfd34...18.exe

windows7-x64

7

1bf0bcfd34...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bf0bcfd342783f509d19aa1e188fb73_JaffaCakes118

  • Size

    627KB

  • Sample

    240701-wew6ha1dmc

  • MD5

    1bf0bcfd342783f509d19aa1e188fb73

  • SHA1

    ba736a888567a490a5aa48f0c3a735a9086e913e

  • SHA256

    fac25bfdbded25210d78c35f1b6a66ac2714fb8e52de64ec8d3371120df02007

  • SHA512

    26f77e915419bc75c564e82d40e2619b70bd445393558cbd72ec8310c667adcda29a715d23981a7d9828f6d8485f3d97cdfdd123ef75b9f16d5bf0735b4003b5

  • SSDEEP

    12288:KxmvLIsmU9pcZhbcwAP/f7JeIA/OUNfHcMPjle6zlssQtiEn9TMy3V6b7MP+Dd2h:GIZVu74r/f7JeIA/ZN/c2jlZJQtTn9Tb

Score
7/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      1bf0bcfd342783f509d19aa1e188fb73_JaffaCakes118

    • Size

      627KB

    • MD5

      1bf0bcfd342783f509d19aa1e188fb73

    • SHA1

      ba736a888567a490a5aa48f0c3a735a9086e913e

    • SHA256

      fac25bfdbded25210d78c35f1b6a66ac2714fb8e52de64ec8d3371120df02007

    • SHA512

      26f77e915419bc75c564e82d40e2619b70bd445393558cbd72ec8310c667adcda29a715d23981a7d9828f6d8485f3d97cdfdd123ef75b9f16d5bf0735b4003b5

    • SSDEEP

      12288:KxmvLIsmU9pcZhbcwAP/f7JeIA/OUNfHcMPjle6zlssQtiEn9TMy3V6b7MP+Dd2h:GIZVu74r/f7JeIA/ZN/c2jlZJQtTn9Tb

    Score
    7/10
    bootkitevasionpersistence

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks