Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118
-
Size
870KB
-
Sample
240726-3wgkpssfqr
-
MD5
76431871bbbcbf9c2b5f319a0d206e5a
-
SHA1
d044404ffa4ae7c52b4b22d9a71e8dd065ed3fd3
-
SHA256
f5613c6137484b90027d1a9384a4a8065dd465129a17ce79f4bec5bd53ff1284
-
SHA512
7a9114057941d9d84443661caee365b13e3bb1dd34098cf9ed0d7d145b2c1eda472413541f01441d67379306f454ed907d089bedce6a6450837c975d508448f6
-
SSDEEP
12288:HYmiHHdBLtjUjweAxP54f+4r0RUKzKQfiINLAemYyBs02fUYQ2Vm88W7IOcCfQd2:HK5BUuP5A+447fdNESAs0Gn8WRfYd
Static task
static1
Behavioral task
behavioral1
Sample
76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118
-
Size
870KB
-
MD5
76431871bbbcbf9c2b5f319a0d206e5a
-
SHA1
d044404ffa4ae7c52b4b22d9a71e8dd065ed3fd3
-
SHA256
f5613c6137484b90027d1a9384a4a8065dd465129a17ce79f4bec5bd53ff1284
-
SHA512
7a9114057941d9d84443661caee365b13e3bb1dd34098cf9ed0d7d145b2c1eda472413541f01441d67379306f454ed907d089bedce6a6450837c975d508448f6
-
SSDEEP
12288:HYmiHHdBLtjUjweAxP54f+4r0RUKzKQfiINLAemYyBs02fUYQ2Vm88W7IOcCfQd2:HK5BUuP5A+447fdNESAs0Gn8WRfYd
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1