General
-
Target
444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118
-
Size
340KB
-
Sample
240714-e4wgtsygre
-
MD5
444ffd2c05db0948b9e701808c4b1a4b
-
SHA1
d005827f5eccd133506fd52c814336dd98ba83fb
-
SHA256
1d3e3b5f4efa671ae7858d0c082c1cf86930293b9243eebf2ca0239e09d26344
-
SHA512
4a57a41e9d533077f0fbbe98a0e75aca236806b31f87f7ea3a059e5d4c8e92704b07ea8dfd41028747117224a07fe4f2f146597cb9c4924501d73f53563df080
-
SSDEEP
3072:GWSHWiNo/ftfQKAc94/3bXZ3Nk6Rk3+X8TKhPUrpljE2Ej5jE2Ej5jE2Ej8:GWZfec9EbXDk6RkQKjE2EBE2EBE2E4
Behavioral task
behavioral1
Sample
444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Target
444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118
-
Score
10/10
-
Modifies visibility of file extensions in Explorer
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)