Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3039e2ee34950a14ed25df21fc63634c_JaffaCakes118
-
Size
212KB
-
Sample
240709-ntbjcatgke
-
MD5
3039e2ee34950a14ed25df21fc63634c
-
SHA1
e8f06750a01704ffb805d988de1a4901c7770179
-
SHA256
3e0a0694c8ce5b699bf628505fbba2ce599816883d4d996b8297411aace74190
-
SHA512
9909ad8bc1f897d2a8cbc4b150177a2692609ef8dcbbee9a3fae06906fda1ba2495f7871891ae9065f4f5f5364a3c829e1d9038dd4dd56e69bbd193d8566acc5
-
SSDEEP
6144:Dc9kfgNnCYP40Xf/9PJR8WjN4VRNuX/hYH:gWfgIanlJ2YGVG/qH
Static task
static1
Behavioral task
behavioral1
Sample
3039e2ee34950a14ed25df21fc63634c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3039e2ee34950a14ed25df21fc63634c_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
3039e2ee34950a14ed25df21fc63634c_JaffaCakes118
-
Size
212KB
-
MD5
3039e2ee34950a14ed25df21fc63634c
-
SHA1
e8f06750a01704ffb805d988de1a4901c7770179
-
SHA256
3e0a0694c8ce5b699bf628505fbba2ce599816883d4d996b8297411aace74190
-
SHA512
9909ad8bc1f897d2a8cbc4b150177a2692609ef8dcbbee9a3fae06906fda1ba2495f7871891ae9065f4f5f5364a3c829e1d9038dd4dd56e69bbd193d8566acc5
-
SSDEEP
6144:Dc9kfgNnCYP40Xf/9PJR8WjN4VRNuX/hYH:gWfgIanlJ2YGVG/qH
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2