Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

763ef81345...18.exe

windows7-x64

10

763ef81345...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    763ef81345f2e3046e07ce3c9fc772b6_JaffaCakes118

  • Size

    608KB

  • Sample

    240726-3sjwnawbjh

  • MD5

    763ef81345f2e3046e07ce3c9fc772b6

  • SHA1

    e7b4ee03f99b23be9d19bcdbc13a3ea8e3b7a852

  • SHA256

    f200b09ded14613804a32d367733c8e38e7c6d207a62e1c911b5ddf1e5a68545

  • SHA512

    2d068e5a57d4aa232b81116c00b7e9ed33e2c6cfe8b9e37bb88666b372471dc5232cbba4bb6fee383aabdc0a05c2c5bf174ccb2875653484f886f158ede9347e

  • SSDEEP

    12288:zjgVEGHSRgah8p5gkd7mNvZn479Q5bQjNDhlWM:zimRg/mv2q5bm3P

Score
10/10
discoveryevasionexecutionspywarestealertrojan

Malware Config

Targets

    • Target

      763ef81345f2e3046e07ce3c9fc772b6_JaffaCakes118

    • Size

      608KB

    • MD5

      763ef81345f2e3046e07ce3c9fc772b6

    • SHA1

      e7b4ee03f99b23be9d19bcdbc13a3ea8e3b7a852

    • SHA256

      f200b09ded14613804a32d367733c8e38e7c6d207a62e1c911b5ddf1e5a68545

    • SHA512

      2d068e5a57d4aa232b81116c00b7e9ed33e2c6cfe8b9e37bb88666b372471dc5232cbba4bb6fee383aabdc0a05c2c5bf174ccb2875653484f886f158ede9347e

    • SSDEEP

      12288:zjgVEGHSRgah8p5gkd7mNvZn479Q5bQjNDhlWM:zimRg/mv2q5bm3P

    Score
    10/10
    discoveryevasionexecutionspywarestealertrojan

    • Disables service(s)

      evasionexecution

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hide Artifacts

3
T1564

Hidden Files and Directories

3
T1564.001

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Network Share Discovery

1
T1135

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks