Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8548dd17f0f665cc94431d513dbbf7f8_JaffaCakes118
-
Size
204KB
-
Sample
240810-jeev1a1bqp
-
MD5
8548dd17f0f665cc94431d513dbbf7f8
-
SHA1
4a87a8906e025657f46b6bc9ab7ed22757bd9621
-
SHA256
e3bc4dd01df081b5ff59f5b0f2af56e84067c49c53efbe8b7bc757defac8879f
-
SHA512
cd72bbc4aadc042ba85d8870756d5f7a2c167414bcc3aab89f94eb0fc56ab1942f81e419af742aac9a83a97a232c675e068d1ed4b0325eef191acc4037d377b1
-
SSDEEP
6144:tEvjSkZ5AqUTyKkp09suOkTiyzQUvOQ7bXQb1CoS:ISkjd7KxXFhUUvOOjoS
Behavioral task
behavioral1
Sample
8548dd17f0f665cc94431d513dbbf7f8_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
8548dd17f0f665cc94431d513dbbf7f8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
8548dd17f0f665cc94431d513dbbf7f8_JaffaCakes118
-
Size
204KB
-
MD5
8548dd17f0f665cc94431d513dbbf7f8
-
SHA1
4a87a8906e025657f46b6bc9ab7ed22757bd9621
-
SHA256
e3bc4dd01df081b5ff59f5b0f2af56e84067c49c53efbe8b7bc757defac8879f
-
SHA512
cd72bbc4aadc042ba85d8870756d5f7a2c167414bcc3aab89f94eb0fc56ab1942f81e419af742aac9a83a97a232c675e068d1ed4b0325eef191acc4037d377b1
-
SSDEEP
6144:tEvjSkZ5AqUTyKkp09suOkTiyzQUvOQ7bXQb1CoS:ISkjd7KxXFhUUvOOjoS
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1