General
Target: 6ff25c4c12b84f2cb1b26fe8059a5bf4_JaffaCakes118
Size: 672KB
Sample: 240725-rp6qgawend
MD5: 6ff25c4c12b84f2cb1b26fe8059a5bf4
SHA1: 9f8dfbff57c2a2f6247946635899446e5d2fce90
SHA256: e4d6f6a064b6342dfd55a90f25bc27056bbcd64efeadd28fd2b9aae4e8c135a2
SHA512: 99748b83cdb4cf0b421d31214a18a5fdf63ede9bd8a18b886b80b887396046e87ceb227995eb8871d396d19940156474df8f32af0bdeb45b9da401964ed6bf26
SSDEEP: 12288:SeuOpm1o+LcHAjbFgx52l4WjNT2BObzG7Cwk5+tWe7e7ZgahFRBE3Rad3m:J1jIXfj9zG7qoyZtruMFm
Static task: static1
Behavioral task: behavioral1
  Sample: 6ff25c4c12b84f2cb1b26fe8059a5bf4_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 6ff25c4c12b84f2cb1b26fe8059a5bf4_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 6ff25c4c12b84f2cb1b26fe8059a5bf4_JaffaCakes118
Score: 8/10
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)