Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
87aebd0524c31b1e20f84866e79b9ec8_JaffaCakes118
-
Size
4.2MB
-
Sample
240810-zzlr2ssdnd
-
MD5
87aebd0524c31b1e20f84866e79b9ec8
-
SHA1
1907211e720cfd425265eac3557d28f801617f46
-
SHA256
22dbcb92cd323b32a239d702bb40c439c208b17e8c590ac34478fbe296656f40
-
SHA512
b8d35bcb9626295afac9aaa44c99491eaec562b032b71f7db0fd13c8622afca1526146f25c571ed06d013cfcc561ca982cd25a6fe805c3f8a6ae9c6ffc82adc1
-
SSDEEP
98304:6MZRZDuHwIdS+9IOU6vMM+dCe3anXoTFuyPsLwj23sTcXbnlfnC:6uRaZUuMMRe3UquyPl2cT
Malware Config
Targets
-
-
Target
87aebd0524c31b1e20f84866e79b9ec8_JaffaCakes118
-
Size
4.2MB
-
MD5
87aebd0524c31b1e20f84866e79b9ec8
-
SHA1
1907211e720cfd425265eac3557d28f801617f46
-
SHA256
22dbcb92cd323b32a239d702bb40c439c208b17e8c590ac34478fbe296656f40
-
SHA512
b8d35bcb9626295afac9aaa44c99491eaec562b032b71f7db0fd13c8622afca1526146f25c571ed06d013cfcc561ca982cd25a6fe805c3f8a6ae9c6ffc82adc1
-
SSDEEP
98304:6MZRZDuHwIdS+9IOU6vMM+dCe3anXoTFuyPsLwj23sTcXbnlfnC:6uRaZUuMMRe3UquyPl2cT
Score8/10-
Modifies Windows Firewall
-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1