Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6f867033d12343caae169816571bbc96_JaffaCakes118
-
Size
245KB
-
Sample
240725-pdz3faxhkq
-
MD5
6f867033d12343caae169816571bbc96
-
SHA1
ea22775d7ea1095c5ba14c6cbc581277162a8f95
-
SHA256
78efc6a4a94478a2442226fdb33bac4a551f5a4da513ebd503a84a24e67c2912
-
SHA512
677ee09abaa42a444ccdd5e7ef04175e8a1743ff5a8a7b0667b21ea4d2667f3ecf938b9495247d1c05be64a99056409791b548545e3ca259aa86565ff20f543f
-
SSDEEP
6144:SIEMxnh451gpkh15KYL27xs0AJvwRQwsWrn:WzTQW5fL27xs0Ovw
Static task
static1
Behavioral task
behavioral1
Sample
6f867033d12343caae169816571bbc96_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6f867033d12343caae169816571bbc96_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
6f867033d12343caae169816571bbc96_JaffaCakes118
-
Size
245KB
-
MD5
6f867033d12343caae169816571bbc96
-
SHA1
ea22775d7ea1095c5ba14c6cbc581277162a8f95
-
SHA256
78efc6a4a94478a2442226fdb33bac4a551f5a4da513ebd503a84a24e67c2912
-
SHA512
677ee09abaa42a444ccdd5e7ef04175e8a1743ff5a8a7b0667b21ea4d2667f3ecf938b9495247d1c05be64a99056409791b548545e3ca259aa86565ff20f543f
-
SSDEEP
6144:SIEMxnh451gpkh15KYL27xs0AJvwRQwsWrn:WzTQW5fL27xs0Ovw
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1