Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
30885b7a0d8fe3cdc05243135577ea74_JaffaCakes118
-
Size
8.7MB
-
Sample
240709-qjrtpawbml
-
MD5
30885b7a0d8fe3cdc05243135577ea74
-
SHA1
b55efb170f966d474e636e6368058e6c5393f3f6
-
SHA256
630e7ad9d5ae6e35cce1717e2bb9fa9e702458fa0bb6f6b5c8f681bf433ff917
-
SHA512
6d26b67150e9d0b45738ccf20242da9302efeb6851e981dfb0c808e52988e8a5ce299ce7052c94d92582cbef0ce456d57f08e1bb8d703e3828162d7b040edfc0
-
SSDEEP
196608:MDFMT+sGCSkxBkt0GxDir4A40TonAqh+2bYzE:MXCHBk2tTona28z
Static task
static1
Behavioral task
behavioral1
Sample
30885b7a0d8fe3cdc05243135577ea74_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
30885b7a0d8fe3cdc05243135577ea74_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
30885b7a0d8fe3cdc05243135577ea74_JaffaCakes118
-
Size
8.7MB
-
MD5
30885b7a0d8fe3cdc05243135577ea74
-
SHA1
b55efb170f966d474e636e6368058e6c5393f3f6
-
SHA256
630e7ad9d5ae6e35cce1717e2bb9fa9e702458fa0bb6f6b5c8f681bf433ff917
-
SHA512
6d26b67150e9d0b45738ccf20242da9302efeb6851e981dfb0c808e52988e8a5ce299ce7052c94d92582cbef0ce456d57f08e1bb8d703e3828162d7b040edfc0
-
SSDEEP
196608:MDFMT+sGCSkxBkt0GxDir4A40TonAqh+2bYzE:MXCHBk2tTona28z
-
Modifies Windows Firewall
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1