General
Target: 4ccef3620ed4885353203d5d5206689c_JaffaCakes118
Size: 205KB
Sample: 240716-e5jvesvdqk
MD5: 4ccef3620ed4885353203d5d5206689c
SHA1: f97e56b04c378cd58d0ca4b56fa8e25027332bd4
SHA256: 069c33d898fce1026f6eef24ec7a6e3367f16947662d72409d9bf07a9e16fb7e
SHA512: 9a30ac500dc0369070a32b1ecef2eaa5f652aa2b232fc20dc09a0f4ecb535e912cc8d10a02cf076ae182049ba43385e22dfc9c958129c3871313722871afc801
SSDEEP: 3072:iikEs0ttGAtZI24Okk8x3zAGPd+o6eZvHmylc+vuXfA2x:/TTGh2Z8xPPdj6Ujc+vIx
Static task: static1
Behavioral task: behavioral1
Sample: 4ccef3620ed4885353203d5d5206689c_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 4ccef3620ed4885353203d5d5206689c_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 4ccef3620ed4885353203d5d5206689c_JaffaCakes118
Score: 8/10
Adds policy Run key to start application
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of SetThreadContext