General

  • Target

    84cc6e17d46a2359ee05f82a635d9b57_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240810-e3jfwazdla

  • MD5

    84cc6e17d46a2359ee05f82a635d9b57

  • SHA1

    79bcbbe540668cad337f292c34c5605b20618017

  • SHA256

    421f41bd2a70a53f579c1ea10f8a5b1e47d5e44ac16dc8e00c2bdfdf2a751960

  • SHA512

    b16773c0b1c505770a9446c99e66167376a61f8de89043ac11aca19d9cd443ecb9338adfd4b9c2bbf77ce2b3cb5aeb8cdd305dc5ab6c04649945e97f671d4ee5

  • SSDEEP

    24576:zqJuks0Gs+vrHEF1tTHd0drauOwnTVnAg9XVuzSUZcdh+nuLdQFYg1:zqIksackFKpFOwTJMzpa3++dQFY+

Malware Config

Targets

    • Target

      84cc6e17d46a2359ee05f82a635d9b57_JaffaCakes118

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks