Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

745a7a6c8b...18.exe

windows7-x64

8

745a7a6c8b...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    745a7a6c8b8bc9b6e10935c3fd31db95_JaffaCakes118

  • Size

    136KB

  • Sample

    240726-rafwhawala

  • MD5

    745a7a6c8b8bc9b6e10935c3fd31db95

  • SHA1

    2007ef79c3b956fa067102806c6ae9ad5f68f1ec

  • SHA256

    477dff5aa00b7265bef41c758066f82aef602ba8cd372141bb598166c01bb2b2

  • SHA512

    570fbca287fced0ccf231aa470fe7ccc952fc9307e6ecb81adce7a7679cb7e820d69e0d648430b49639137f256ff9606b2e76df6d0a2a6bbbedc25af989a0dac

  • SSDEEP

    3072:p2YMS8wER7PaQtPkTgBEU+G9Me2kmvxtEqdLuhxFbO79gM:3ER7PasPkTgBEzG9Me2kmvcXQ7

Score
8/10
bootkitdiscoveryevasionpersistence

Malware Config

Targets

    • Target

      745a7a6c8b8bc9b6e10935c3fd31db95_JaffaCakes118

    • Size

      136KB

    • MD5

      745a7a6c8b8bc9b6e10935c3fd31db95

    • SHA1

      2007ef79c3b956fa067102806c6ae9ad5f68f1ec

    • SHA256

      477dff5aa00b7265bef41c758066f82aef602ba8cd372141bb598166c01bb2b2

    • SHA512

      570fbca287fced0ccf231aa470fe7ccc952fc9307e6ecb81adce7a7679cb7e820d69e0d648430b49639137f256ff9606b2e76df6d0a2a6bbbedc25af989a0dac

    • SSDEEP

      3072:p2YMS8wER7PaQtPkTgBEU+G9Me2kmvxtEqdLuhxFbO79gM:3ER7PasPkTgBEzG9Me2kmvcXQ7

    Score
    8/10
    bootkitdiscoveryevasionpersistence

    • Disables RegEdit via registry modification

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks