Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118
-
Size
10.8MB
-
Sample
240721-3qkp6staqn
-
MD5
61e8754e226176a4311b3bda2f7f5a4a
-
SHA1
ab7b9cc772640ae291f1e5310ed7e2424d499c84
-
SHA256
400eea86fdf5670b9ac9b96606483fda8f33ba2863b37b506ed6ab1bf882c93b
-
SHA512
093ab429daf7f07040b6c6facea781cac0852f1ac5a39d935c1483859f880cfbef5b70e75dc977ffc22de921b0f76559b3b7dfa21fe29c967ddc98a450c8ddcf
-
SSDEEP
196608:N8eM+zrUH3Z6+NWfpayWpHBFlnY+6NBg3fJzYcLlgFItURZWRLuGGHpMbdDUOzNt:NlM+zrUH3kWWRCFQBsh82lgqW8SZMbdf
Malware Config
Targets
-
-
Target
61e8754e226176a4311b3bda2f7f5a4a_JaffaCakes118
-
Size
10.8MB
-
MD5
61e8754e226176a4311b3bda2f7f5a4a
-
SHA1
ab7b9cc772640ae291f1e5310ed7e2424d499c84
-
SHA256
400eea86fdf5670b9ac9b96606483fda8f33ba2863b37b506ed6ab1bf882c93b
-
SHA512
093ab429daf7f07040b6c6facea781cac0852f1ac5a39d935c1483859f880cfbef5b70e75dc977ffc22de921b0f76559b3b7dfa21fe29c967ddc98a450c8ddcf
-
SSDEEP
196608:N8eM+zrUH3Z6+NWfpayWpHBFlnY+6NBg3fJzYcLlgFItURZWRLuGGHpMbdDUOzNt:NlM+zrUH3kWWRCFQBsh82lgqW8SZMbdf
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
MITRE ATT&CK Enterprise v15
Persistence
Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1