Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
37ddfb7305b3244d4c4db0676134fd06_JaffaCakes118
-
Size
3.5MB
-
Sample
240711-f5qtea1ejp
-
MD5
37ddfb7305b3244d4c4db0676134fd06
-
SHA1
70b1ddd7d4b098d651a2ba6c07e8d0834b82c45b
-
SHA256
f51652b3c16d5b11a8f601d7e3604839292c811e4a11d761a32259278f66d004
-
SHA512
806cc165121777d35341aa946401517652212115ce48b2e26c290fe645ffda946c37123873d9a1c3a36fc752e7e0999c65d193c0bedd6242a12a9723967841c9
-
SSDEEP
98304:sAKDPUTGHXoXe79PUgyLq9Nf4yvH5dNu6lF+:QP4G3oa9PXJ9Nf465dU6S
Behavioral task
behavioral1
Sample
37ddfb7305b3244d4c4db0676134fd06_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
37ddfb7305b3244d4c4db0676134fd06_JaffaCakes118
-
Size
3.5MB
-
MD5
37ddfb7305b3244d4c4db0676134fd06
-
SHA1
70b1ddd7d4b098d651a2ba6c07e8d0834b82c45b
-
SHA256
f51652b3c16d5b11a8f601d7e3604839292c811e4a11d761a32259278f66d004
-
SHA512
806cc165121777d35341aa946401517652212115ce48b2e26c290fe645ffda946c37123873d9a1c3a36fc752e7e0999c65d193c0bedd6242a12a9723967841c9
-
SSDEEP
98304:sAKDPUTGHXoXe79PUgyLq9Nf4yvH5dNu6lF+:QP4G3oa9PXJ9Nf465dU6S
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1