Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3ebd5f4ded0c75e7f67b3db28b84bf5f_JaffaCakes118
-
Size
1.7MB
-
Sample
240712-y23ynsydjl
-
MD5
3ebd5f4ded0c75e7f67b3db28b84bf5f
-
SHA1
1d99ea9979a89332f83ee802e54e03a4db1652e1
-
SHA256
6e64fd50cb9d38dceb3e6100794f3c11e3b8a458f6265b80101f1d976ad5564f
-
SHA512
8b5c46ed3b3a8bd6fcd59aa662a26632d400780c5bbe7430752813a1a8f189028af1c22abb7a512533fa68fda4fdd007c16b89509d5407c22543371bf169d870
-
SSDEEP
49152:3X3cC99eprWnVNCLaZzCfB43ejbu7BqSXO5YytTEdg:nspprFL/4a6VoDES
Static task
static1
Behavioral task
behavioral1
Sample
3ebd5f4ded0c75e7f67b3db28b84bf5f_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3ebd5f4ded0c75e7f67b3db28b84bf5f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
3ebd5f4ded0c75e7f67b3db28b84bf5f_JaffaCakes118
-
Size
1.7MB
-
MD5
3ebd5f4ded0c75e7f67b3db28b84bf5f
-
SHA1
1d99ea9979a89332f83ee802e54e03a4db1652e1
-
SHA256
6e64fd50cb9d38dceb3e6100794f3c11e3b8a458f6265b80101f1d976ad5564f
-
SHA512
8b5c46ed3b3a8bd6fcd59aa662a26632d400780c5bbe7430752813a1a8f189028af1c22abb7a512533fa68fda4fdd007c16b89509d5407c22543371bf169d870
-
SSDEEP
49152:3X3cC99eprWnVNCLaZzCfB43ejbu7BqSXO5YytTEdg:nspprFL/4a6VoDES
-
Drops file in Drivers directory
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Browser Extensions
1Event Triggered Execution
1AppInit DLLs
1Pre-OS Boot
1Bootkit
1