Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

4c651d5264...18.exe

windows7-x64

8

4c651d5264...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c651d5264683e2d654ade96736517aa_JaffaCakes118

  • Size

    160KB

  • Sample

    240716-cng86atalf

  • MD5

    4c651d5264683e2d654ade96736517aa

  • SHA1

    3f719307c7f9f47e8b7b8cf4c181dd87f82befb4

  • SHA256

    383848a72073f274cc33b502030e13427981a6b144b26c8d70f4b7cf1afbbd91

  • SHA512

    abdf044c131c035b07637e2ca2df2ac770a3a056e900b62050e79c9e8eda9ea49564ccc6fd6296b60563f432c9b0d90cd5b4f47199873c51af0c927981905644

  • SSDEEP

    3072:h/SY8+c2xq3ddXJAB0wJAKyUvqolAnQ0gol06jykq1x4SA:h6Y8xTJAB0ebyU2nQ0gUHykq1/

Score
8/10
evasionpersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      4c651d5264683e2d654ade96736517aa_JaffaCakes118

    • Size

      160KB

    • MD5

      4c651d5264683e2d654ade96736517aa

    • SHA1

      3f719307c7f9f47e8b7b8cf4c181dd87f82befb4

    • SHA256

      383848a72073f274cc33b502030e13427981a6b144b26c8d70f4b7cf1afbbd91

    • SHA512

      abdf044c131c035b07637e2ca2df2ac770a3a056e900b62050e79c9e8eda9ea49564ccc6fd6296b60563f432c9b0d90cd5b4f47199873c51af0c927981905644

    • SSDEEP

      3072:h/SY8+c2xq3ddXJAB0wJAKyUvqolAnQ0gol06jykq1x4SA:h6Y8xTJAB0ebyU2nQ0gUHykq1/

    Score
    8/10
    evasionpersistenceprivilege_escalationspywarestealer

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials in Registry

1
T1552.002

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.