Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2122a171e6...18.exe

windows7-x64

10

2122a171e6...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2122a171e6197bd8d1aa986dacf033e7_JaffaCakes118

  • Size

    20KB

  • Sample

    240703-fh6aksyble

  • MD5

    2122a171e6197bd8d1aa986dacf033e7

  • SHA1

    aa2f603cc0f553d94527c087af91e8805e049206

  • SHA256

    3336d0a792b14da9c3249f04be5b2c4c78f36232957d20326c5dec67ba5855d7

  • SHA512

    ea8bec085682c6955d46b0d6fe9999e340a5bc85790b6489b7e03816e0e5cc8dfad4b28ec6e9fd0cbc0ae7921869343830daf531565ae4b0c06419dad97ff362

  • SSDEEP

    384:+E20kjGwdjuMGaJHDVcNTXkkgl6QUUVrV90Tfi3t5Mn7s1LEFeeHbamXF:+Exk6wdjuaJRcNzkkeUUFV9Yfee8keet

Score
10/10
persistence

Malware Config

Targets

    • Target

      2122a171e6197bd8d1aa986dacf033e7_JaffaCakes118

    • Size

      20KB

    • MD5

      2122a171e6197bd8d1aa986dacf033e7

    • SHA1

      aa2f603cc0f553d94527c087af91e8805e049206

    • SHA256

      3336d0a792b14da9c3249f04be5b2c4c78f36232957d20326c5dec67ba5855d7

    • SHA512

      ea8bec085682c6955d46b0d6fe9999e340a5bc85790b6489b7e03816e0e5cc8dfad4b28ec6e9fd0cbc0ae7921869343830daf531565ae4b0c06419dad97ff362

    • SSDEEP

      384:+E20kjGwdjuMGaJHDVcNTXkkgl6QUUVrV90Tfi3t5Mn7s1LEFeeHbamXF:+Exk6wdjuaJRcNzkkeUUFV9Yfee8keet

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks