General
- Target: 83aaee69716dda7b17faa2d36ea38822_JaffaCakes118
- Size: 912KB
- Sample: 240809-1mx5zsvblg
- MD5: 83aaee69716dda7b17faa2d36ea38822
- SHA1: 12ba999ca951b9f2154ab388039c20e364e56b25
- SHA256: 6547d234fd9c2d92380a8c60eaa0e30b0c253b20870d3eaafc371f51bd46303a
- SHA512: cff941de4e85adcdf62e3088c358a374b4f2ac5219a438663ebd7e84b1c0693532cda54ebae9b6f687ae582cea2c727f56be0744232f25f041cfeb807a2c584b
- SSDEEP: 12288:m8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1r/re:zUKoN0bUxgGa/pfBHDb+y1L
Behavioral task: behavioral1
- Sample: 83aaee69716dda7b17faa2d36ea38822_JaffaCakes118.exe
- Resource: win7-20240705-en
Malware Config
Targets
- Target: 83aaee69716dda7b17faa2d36ea38822_JaffaCakes118
- Size: 912KB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the values listed under General
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (numbers in parentheses are the counts shown against each technique)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (3)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (2)
- Modify Registry (6)