Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
829fbcbc87a941de385a0d4a0e919a63_JaffaCakes118
-
Size
277KB
-
Sample
240802-cg3lhsyhql
-
MD5
829fbcbc87a941de385a0d4a0e919a63
-
SHA1
6cf1ec433887a9a611f2ab49b80ea0e05286cb7d
-
SHA256
264322e427bd916c14e976961c0f17db4f678b7c098687bbd49d488b2686585d
-
SHA512
c5721ad627c979dbdc2f9062ac4e8645f5857e3d1b410b4bb97382d7bc95b517a7cdacf77b5c84c2d7b803323bcfc83934d37cba109bcfa7ceadd55d132888cb
-
SSDEEP
6144:nfEmj4ZvkItSgS4SD8YgoIq4f14QJ1f2xiMY5xKKSsm8UvS0e1:nfJbIVS65/eQJp2cMwxRwre1
Static task
static1
Behavioral task
behavioral1
Sample
829fbcbc87a941de385a0d4a0e919a63_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
829fbcbc87a941de385a0d4a0e919a63_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
-
-
Target
829fbcbc87a941de385a0d4a0e919a63_JaffaCakes118
-
Size
277KB
-
MD5
829fbcbc87a941de385a0d4a0e919a63
-
SHA1
6cf1ec433887a9a611f2ab49b80ea0e05286cb7d
-
SHA256
264322e427bd916c14e976961c0f17db4f678b7c098687bbd49d488b2686585d
-
SHA512
c5721ad627c979dbdc2f9062ac4e8645f5857e3d1b410b4bb97382d7bc95b517a7cdacf77b5c84c2d7b803323bcfc83934d37cba109bcfa7ceadd55d132888cb
-
SSDEEP
6144:nfEmj4ZvkItSgS4SD8YgoIq4f14QJ1f2xiMY5xKKSsm8UvS0e1:nfJbIVS65/eQJp2cMwxRwre1
Score10/10-
Modifies WinLogon for persistence
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies WinLogon
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2