General
-
Target
633ea3f02e5af0b944e262579a0bd104_JaffaCakes118
-
Size
960KB
-
Sample
240722-p26j5ayfpp
-
MD5
633ea3f02e5af0b944e262579a0bd104
-
SHA1
f026dab6d57a0c91fc50426ad6eb302df3ade9cf
-
SHA256
2c4ec961cbfbd97190b73e8825c3326f343f0efcfea615fb88f7de48ff693b7f
-
SHA512
e81bbf4cf79a4d01dcb98d43e9c3ca20b118eda23d5b2567017df1f95302c92cef12ff133ef580418a9196a881321fa1cca68990b0da19521f0e2647b8793a04
-
SSDEEP
24576:QnHwA5D5D+iR6zhgqEgPjpdsUowULHGiYKm8:KV7LkCUoNHc8
Static task
static1
Behavioral task
behavioral1
Sample
633ea3f02e5af0b944e262579a0bd104_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
633ea3f02e5af0b944e262579a0bd104_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-