Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
210619e23f9680333393f28461f093d6_JaffaCakes118
-
Size
404KB
-
Sample
240703-epnhnswgrg
-
MD5
210619e23f9680333393f28461f093d6
-
SHA1
2425077adfacabb570fc6e717f987f9d8e8c5ff7
-
SHA256
cc16d24d1d6b7c806908c6f16ac3827c1d352e4c0c05e4ad47a391746688562a
-
SHA512
c12ffe1c465b8884cfc816e6b6e10fdc1a3dcdb419cf2c7643eba69416005d019f4b43084625ae36fc51e2ce3e4c8929e0aaa129c1bcbb61604de9f201837715
-
SSDEEP
6144:kTnjnvrM3mjHGh5Doh9Z5cAea4Jv81E66Hwc2Fq4t:kHn438Hwerea2vEEFz2F
Behavioral task
behavioral1
Sample
210619e23f9680333393f28461f093d6_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
210619e23f9680333393f28461f093d6_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
210619e23f9680333393f28461f093d6_JaffaCakes118
-
Size
404KB
-
MD5
210619e23f9680333393f28461f093d6
-
SHA1
2425077adfacabb570fc6e717f987f9d8e8c5ff7
-
SHA256
cc16d24d1d6b7c806908c6f16ac3827c1d352e4c0c05e4ad47a391746688562a
-
SHA512
c12ffe1c465b8884cfc816e6b6e10fdc1a3dcdb419cf2c7643eba69416005d019f4b43084625ae36fc51e2ce3e4c8929e0aaa129c1bcbb61604de9f201837715
-
SSDEEP
6144:kTnjnvrM3mjHGh5Doh9Z5cAea4Jv81E66Hwc2Fq4t:kHn438Hwerea2vEEFz2F
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4