General
- Target: 22094d5610536c777379742f097e9205_JaffaCakes118
- Size: 365KB
- Sample: 240703-mks7csyald
- MD5: 22094d5610536c777379742f097e9205
- SHA1: 0677a872535b5e8a116b32f9bfe2606937a043d8
- SHA256: d3f144e37a9e5a6e6e0f4232a39371512fd4a6fcb677bc1813212651aa06a630
- SHA512: 2504337bb1b171e080ec2f3d8aa0f931e7c76c7edb630da7dce022b69cb0386aa4338db12a6f43e8058fe3e1c9be27416b6cdb2302eeba66795a0e1caf6d1c45
- SSDEEP: 6144:hGyGzOYXNJ90u43czRhZ4JDEBEkSphstJZVKNPUNUH1H2koUnuQVyM4:h3mN30uth+JhgXm8IV2enDI
Behavioral task: behavioral1
- Sample: 22094d5610536c777379742f097e9205_JaffaCakes118.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 22094d5610536c777379742f097e9205_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
Malware Config
Targets
Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)