Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118
-
Size
774KB
-
Sample
240709-lvlplazfph
-
MD5
2fe58dd25783b4e054be8ad1697e2223
-
SHA1
633ddb68881701ad3c56ea9d214bdae3285dd3c1
-
SHA256
327dd0e8aba6eaeabf6892329ed66a751a4ca2c8c0a3e371347c2e9f336b97d9
-
SHA512
9693003867f102087ec808c397264b8a726cf5cf38578848f7f6a3c3deb14796aa428541aeff9118c1d2251f73026805820198155a228938e3be72141349551f
-
SSDEEP
24576:/qds2kT4wnpGFoM/dYIAlakpkSVlTEdP:/p6sgYIqlTTEdP
Static task
static1
Behavioral task
behavioral1
Sample
2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118
-
Size
774KB
-
MD5
2fe58dd25783b4e054be8ad1697e2223
-
SHA1
633ddb68881701ad3c56ea9d214bdae3285dd3c1
-
SHA256
327dd0e8aba6eaeabf6892329ed66a751a4ca2c8c0a3e371347c2e9f336b97d9
-
SHA512
9693003867f102087ec808c397264b8a726cf5cf38578848f7f6a3c3deb14796aa428541aeff9118c1d2251f73026805820198155a228938e3be72141349551f
-
SSDEEP
24576:/qds2kT4wnpGFoM/dYIAlakpkSVlTEdP:/p6sgYIqlTTEdP
Score7/10-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-