Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4c889bbb32888fac576629a454a7cd0b_JaffaCakes118
-
Size
100KB
-
Sample
240716-dh9lwssbln
-
MD5
4c889bbb32888fac576629a454a7cd0b
-
SHA1
515cdd48ea8f4647b73bdcde29305d90eb754f32
-
SHA256
442f209fb18d78eb30f5e3cdaf73a4a03edff0d8801f63432ff9ffe67f475a9e
-
SHA512
d2c164e2c416083a9ffb882f3acdfea55f6f2f60f6a458bd457a4a747740fcbb8cb13c2cc293695b3044294afe1435f646c77f393ab351a2d741179f87047ef9
-
SSDEEP
3072:FwYLn4919swCk4OR3I9UGVk8jwaaHw7Koj4rDMHRO:LLnQ19sWRG4Sc
Malware Config
Targets
-
-
Target
4c889bbb32888fac576629a454a7cd0b_JaffaCakes118
-
Size
100KB
-
MD5
4c889bbb32888fac576629a454a7cd0b
-
SHA1
515cdd48ea8f4647b73bdcde29305d90eb754f32
-
SHA256
442f209fb18d78eb30f5e3cdaf73a4a03edff0d8801f63432ff9ffe67f475a9e
-
SHA512
d2c164e2c416083a9ffb882f3acdfea55f6f2f60f6a458bd457a4a747740fcbb8cb13c2cc293695b3044294afe1435f646c77f393ab351a2d741179f87047ef9
-
SSDEEP
3072:FwYLn4919swCk4OR3I9UGVk8jwaaHw7Koj4rDMHRO:LLnQ19sWRG4Sc
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1