General

Target: 7621cafe46475b60056b307079a25ba5_JaffaCakes118
Size: 50KB
Sample: 240726-2593yatfph
MD5: 7621cafe46475b60056b307079a25ba5
SHA1: a0f9aca4901b8dbadaeaab660415d7ff57543f44
SHA256: c25bb4b87035025c73c699bcd9edc7cdb3b904042f32f6d56b822103d9f895a2
SHA512: 21453045aa51c119ef0359c5617c53761ddf96bacca92d0dcb2729e4c766481f7f4b9c7f1f045649feced3024a1c69763e5cd43c046a0bf7e3639843ac030bd1
SSDEEP: 768:bIqTD/H6QTrauqbEzJr9W3UiBCgFWe+ekWh5nZ2saRCuQMhjA:btiCWuqbEzVoEifUWh5Db
Static task: static1

Behavioral task: behavioral1
- Sample: 7621cafe46475b60056b307079a25ba5_JaffaCakes118.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: 7621cafe46475b60056b307079a25ba5_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config

Targets

Target: 7621cafe46475b60056b307079a25ba5_JaffaCakes118
Size: 50KB
MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General above
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Drops file in System32 directory
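The three registry-backed signatures above (Winlogon persistence, AppInit DLLs, location lookup) each correspond to a specific well-known key. The following Python is an added example, not tria.ge's signature code and not taken from this report's behavioural log: it re-implements those checks over constructed registry events. The key paths are the standard Windows locations; the file names, value data and sample events are placeholders, and the T1614 mapping for the geofence check is my own assumption (the report does not map that signature to ATT&CK).

```python
"""Re-implementation of the registry-based signatures in this report over
constructed sandbox registry events. Added example; not tria.ge code. Key paths
are the standard Windows ones; sample events and file names are placeholders."""
from dataclasses import dataclass
from typing import List

# Normalised (lowercase, short hive names) key paths the three checks look at.
WINLOGON = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
APPINIT_KEY = r"hklm\software\microsoft\windows nt\currentversion\windows"
GEO_KEY = r"hkcu\control panel\international\geo"

# Default data for the two Winlogon values an implant usually hijacks; any
# other data written there is treated as a Winlogon helper hijack (T1547.004).
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}


@dataclass(frozen=True)
class RegEvent:
    op: str      # "set" = RegSetValue (write), "query" = RegQueryValue (read)
    key: str     # full key path, HKLM\... or HKEY_LOCAL_MACHINE\...
    value: str   # value name
    data: str = ""


@dataclass(frozen=True)
class Finding:
    signature: str
    technique: str
    event: RegEvent


def _norm_key(key: str) -> str:
    """Lowercase and collapse the long hive names so comparisons are stable."""
    k = key.strip().lower()
    k = k.replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")
    return k.rstrip("\\")


def _norm_data(data: str) -> str:
    # Userinit is legitimately stored as "...userinit.exe," (trailing comma).
    return data.strip().lower().rstrip(", ")


def is_winlogon_persistence(ev: RegEvent) -> bool:
    if ev.op != "set":
        return False
    k = _norm_key(ev.key)
    v = ev.value.lower()
    if k == WINLOGON and v in WINLOGON_DEFAULTS:
        # Writing the default back (e.g. an installer repair) is not a hit.
        return _norm_data(ev.data) != WINLOGON_DEFAULTS[v]
    # Legacy Winlogon\Notify\<package> DLLs: ignored on Vista+, still a signal.
    return k.startswith(WINLOGON + "\\notify")


def is_appinit_dlls(ev: RegEvent) -> bool:
    # AppInit_DLLs are loaded into every process that maps user32.dll once
    # LoadAppInit_DLLs is 1 (T1546.010); writing either value is the signal.
    return (ev.op == "set" and _norm_key(ev.key) == APPINIT_KEY
            and ev.value.lower() in ("appinit_dlls", "loadappinit_dlls"))


def is_geo_lookup(ev: RegEvent) -> bool:
    # Reading the configured GeoID/country name is the usual geofence check.
    return (ev.op == "query" and _norm_key(ev.key) == GEO_KEY
            and ev.value.lower() in ("nation", "name"))


SIGNATURES = [
    ("Modifies WinLogon for persistence", "T1547.004", is_winlogon_persistence),
    ("Event Triggered Execution: AppInit DLLs", "T1546.010", is_appinit_dlls),
    # The report does not map the geofence check; T1614 is this example's choice.
    ("Checks computer location settings", "T1614", is_geo_lookup),
]


def match_signatures(events: List[RegEvent]) -> List[Finding]:
    return [Finding(name, tid, ev)
            for ev in events
            for name, tid, pred in SIGNATURES if pred(ev)]


def triggered_names(events: List[RegEvent]) -> List[str]:
    return sorted({f.signature for f in match_signatures(events)})


# Constructed events; file names are placeholders, not from the report.
SAMPLE_EVENTS = [
    RegEvent("query", r"HKEY_CURRENT_USER\Control Panel\International\Geo", "Nation", "244"),
    RegEvent("set", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
             "Shell", r"explorer.exe,C:\Windows\System32\example_dropped.exe"),
    RegEvent("set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
             "AppInit_DLLs", r"C:\Windows\System32\example_dropped.dll"),
    RegEvent("set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
             "LoadAppInit_DLLs", "1"),
    # Benign noise: the default Shell value and an unrelated Run-key read.
    RegEvent("set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
             "Shell", "explorer.exe"),
    RegEvent("query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "OneDrive", ""),
]

if __name__ == "__main__":
    for f in match_signatures(SAMPLE_EVENTS):
        print(f"{f.technique:10} {f.signature}: {f.event.value} = {f.event.data!r}")
```

The Winlogon check compares written data against the stock `Shell` and `Userinit` values rather than flagging every write, which is what keeps it from firing on installers that rewrite the defaults; the AppInit check fires on either `AppInit_DLLs` or `LoadAppInit_DLLs`, since on Windows 8+ the DLL list is inert until the load flag is set.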
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL, T1547.004 (1)
- Event Triggered Execution (1): AppInit DLLs, T1546.010 (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Winlogon Helper DLL, T1547.004 (1)
- Event Triggered Execution (1): AppInit DLLs, T1546.010 (1)