75f0f21737fed722cba5c80dacdb50614a3e5240efae04108af4e9cc7ae0c707 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2b7083e65c...18.exe

windows7-x64

7

2b7083e65c...18.exe

windows10-2004-x64

7

Sharing

General

Target

2b7083e65c670f754f718600eb292cfb_JaffaCakes118
Size

157KB
Sample

240708-h5gxlszhka
MD5

2b7083e65c670f754f718600eb292cfb
SHA1

2c958a67f029d6dc730ad0e94290a5a635225300
SHA256

75f0f21737fed722cba5c80dacdb50614a3e5240efae04108af4e9cc7ae0c707
SHA512

f7ab0e909e7763d65d71153e289a2fd52a5b708f6756423bb9f74069d7f99841d99f98553fe3e4f327f5590d7c1a6c26815fb068b4e02857b110b4d5b815b250
SSDEEP

3072:Vp9pZqP95Oh1DDyjRvxwKU9LfnnOgW4jKIWO977dW18DjVjR:DZE5+13ylv+nDn8O9HdqqJj

Score

7^/10

persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2b7083e65c670f754f718600eb292cfb_JaffaCakes118.exe

Resource

win7-20240704-en

persistence privilege_escalation

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b7083e65c670f754f718600eb292cfb_JaffaCakes118.exe

Resource

win10v2004-20240704-en

persistence privilege_escalation

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b7083e65c670f754f718600eb292cfb_JaffaCakes118
- Size
  
  157KB
- MD5
  
  2b7083e65c670f754f718600eb292cfb
- SHA1
  
  2c958a67f029d6dc730ad0e94290a5a635225300
- SHA256
  
  75f0f21737fed722cba5c80dacdb50614a3e5240efae04108af4e9cc7ae0c707
- SHA512
  
  f7ab0e909e7763d65d71153e289a2fd52a5b708f6756423bb9f74069d7f99841d99f98553fe3e4f327f5590d7c1a6c26815fb068b4e02857b110b4d5b815b250
- SSDEEP
  
  3072:Vp9pZqP95Oh1DDyjRvxwKU9LfnnOgW4jKIWO977dW18DjVjR:DZE5+13ylv+nDn8O9HdqqJj
Score

7^/10

persistence privilege_escalation
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation

© 2018-2025

Terms | Privacy