General
Target: 2849b60eb790f8127e85d8d6a433846e_JaffaCakes118
Size: 500KB
Sample: 240706-mzj71azand
MD5: 2849b60eb790f8127e85d8d6a433846e
SHA1: b9a587a965d3c91bac29d2aa138e3a0680927454
SHA256: 782979c3363efffb51a2cbd969c7e108b7132df495b239fef88639c1059a98cf
SHA512: 285c0bb8bf6c4f240d282c52351281d56e38e2e46447812b9e8bf663fa8501ae44216301fb3c1fb5324d542523bd1702f60fb135ead0b502ed39b8ff6a9b7a23
SSDEEP: 12288:BXNRS8FLnOi1fGB+6uvocZUFy2enYu2vlipnN47s:BXPSYyi1+B+6SDU42eYu2vAcI
Behavioral task: behavioral1
Sample: 2849b60eb790f8127e85d8d6a433846e_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2849b60eb790f8127e85d8d6a433846e_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 2849b60eb790f8127e85d8d6a433846e_JaffaCakes118
Score: 8/10
Drops file in Drivers directory
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger