General
- Target: 735f2f3c0d78551946debbaae311ac44_JaffaCakes118
- Size: 2.5MB
- Sample: 240726-ktw89sxgnq
- MD5: 735f2f3c0d78551946debbaae311ac44
- SHA1: 0fbac06cea353237b488decd7fb172d8a4fdd1e6
- SHA256: 79525c2360d5eb5b817a6ae852ab1daeb3de171f1fb04c3f67cc62b0cf78765e
- SHA512: 556f89b7a61acf5226e5cc5845d146aff96d9f9e8ac8c6c7d53846c29d0679f24c5c0d4cf2e5bab70c2de3eb7472e43eec14953140bd8787a3a3f49bb1a84995
- SSDEEP: 49152:Mr1rcdfkbfLxGETDBIpnsZffVzTSXTkurhjDm8tcGU:UhuMjFVTK6SXTZtmmcGU

Static task: static1

Behavioral task: behavioral1
- Sample: 735f2f3c0d78551946debbaae311ac44_JaffaCakes118.exe
- Resource: win7-20240705-en
Malware Config

Targets
- Target: 735f2f3c0d78551946debbaae311ac44_JaffaCakes118
- Size: 2.5MB
- MD5: 735f2f3c0d78551946debbaae311ac44
- SHA1: 0fbac06cea353237b488decd7fb172d8a4fdd1e6
- SHA256: 79525c2360d5eb5b817a6ae852ab1daeb3de171f1fb04c3f67cc62b0cf78765e
- SHA512: 556f89b7a61acf5226e5cc5845d146aff96d9f9e8ac8c6c7d53846c29d0679f24c5c0d4cf2e5bab70c2de3eb7472e43eec14953140bd8787a3a3f49bb1a84995
- SSDEEP: 49152:Mr1rcdfkbfLxGETDBIpnsZffVzTSXTkurhjDm8tcGU:UhuMjFVTK6SXTZtmmcGU
- Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (4)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (2)

Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (2)