General
Target: 6a25ac6cb56675a00eaef59fa44126ff_JaffaCakes118
Size: 256KB
Sample: 240724-ee8qvsxajp
MD5: 6a25ac6cb56675a00eaef59fa44126ff
SHA1: 33ce275fefa3cf530ebd19ad45eb63955b7739a9
SHA256: b41a84f48eca6b5925c74d04f2e112858d01eacd4b1e7fe4c66c31b94463e717
SHA512: 3d6c95521d9ee2a8fd9653be1a6bf2a91af466efb3dab4d98d114af0a36948d65401925291407315d05683794a09667cadacce55a1deaedefd0b8d6e01656094
SSDEEP: 6144:+7RPGkG+2O01WQY4MyTjGMT8N00lFKgOLpE4dFbbxGo:+7RekGLO0CyvGMT8N00GlDM
Static task: static1
Behavioral task: behavioral1
Sample: 6a25ac6cb56675a00eaef59fa44126ff_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 6a25ac6cb56675a00eaef59fa44126ff_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 6a25ac6cb56675a00eaef59fa44126ff_JaffaCakes118
Score: 10/10
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (2)