General
Target: 2707697781ba3b87514705443ed654cc_JaffaCakes118
Size: 592KB
Sample: 240705-tsnp6s1flr
MD5: 2707697781ba3b87514705443ed654cc
SHA1: 1f83e39d65886d501627db731b29fb05398e86fb
SHA256: c0cd2336d642f10a938d8a528f6ae4611688440b5cd01acdce42665d8027e426
SHA512: fab4063eaae1ec3460ababf359cfac499aeb33173f5d8c129f0ec4d6f8ec3ce11eec61e1d2b1888c3073837e7d59aaee0d1f1e4128cafc109536a5e2eba7da03
SSDEEP: 12288:MeEcNC1rnQ/95aFs53Vj4UxNbjXDzxZ39IwGjLTHj33m:bEcfl5ak9fbjRswGj/j33m
Static task: static1
Behavioral task: behavioral1
  Sample: 2707697781ba3b87514705443ed654cc_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 2707697781ba3b87514705443ed654cc_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 2707697781ba3b87514705443ed654cc_JaffaCakes118
Score: 10/10
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 3
    Active Setup: 1
    Registry Run Keys / Startup Folder: 2
  Create or Modify System Process: 1
    Windows Service: 1