Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3b3c19e3fac4b69c8ebffafb7043c5bd_JaffaCakes118
-
Size
862KB
-
Sample
240711-31vm5asemf
-
MD5
3b3c19e3fac4b69c8ebffafb7043c5bd
-
SHA1
e04b2fde5f4c83df0d819314a1846ac7f3ad61b2
-
SHA256
8c7069790c6cc6997180516b9ae515d35743f51ac4e6995a9b960a41dfbb8200
-
SHA512
f0bb2188af26ae5a0a6c98576afb218a2d09bd13abdf633fc2bbb8439a4761d19314408551086ef08c39b0fe9fa5570d64c8e1eb539f023293b69fe266fe2ed7
-
SSDEEP
24576:f4P/gzEt/GaG93cnFBcKa+VHQ15CmD/v8rS:f4P/MEt/bnFBcKa+VHQ15f/UrS
Malware Config
Targets
-
-
Target
3b3c19e3fac4b69c8ebffafb7043c5bd_JaffaCakes118
-
Size
862KB
-
MD5
3b3c19e3fac4b69c8ebffafb7043c5bd
-
SHA1
e04b2fde5f4c83df0d819314a1846ac7f3ad61b2
-
SHA256
8c7069790c6cc6997180516b9ae515d35743f51ac4e6995a9b960a41dfbb8200
-
SHA512
f0bb2188af26ae5a0a6c98576afb218a2d09bd13abdf633fc2bbb8439a4761d19314408551086ef08c39b0fe9fa5570d64c8e1eb539f023293b69fe266fe2ed7
-
SSDEEP
24576:f4P/gzEt/GaG93cnFBcKa+VHQ15CmD/v8rS:f4P/MEt/bnFBcKa+VHQ15f/UrS
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1