Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8a9d2d636c3eb83778a71d2912eaab6e_JaffaCakes118
-
Size
141KB
-
Sample
240811-q5976ascmn
-
MD5
8a9d2d636c3eb83778a71d2912eaab6e
-
SHA1
2df18d58f2ee33b15ee38eae2120110db9235377
-
SHA256
d4594268a88e3240b8a3798b395f95af67d53eae1f58828df6e105dd655864c5
-
SHA512
35176a61fafd73d9440769d26274cc42c94ce7d319a90f011ef9d073bbb16d815d98d36afb26ffd74cedf788bb1ba9083f318a13d1af424514f707b069e375f2
-
SSDEEP
1536:4qTPSrAkdxOz/UY1pDC3iFA/cZ2IKpIPHvaSq/yiU/GOao8sCnEMvDY7hfhUxdcm:XT6k+2X3DASA/9IZPaPsaEMryqWxF7O
Static task
static1
Behavioral task
behavioral1
Sample
8a9d2d636c3eb83778a71d2912eaab6e_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8a9d2d636c3eb83778a71d2912eaab6e_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
8a9d2d636c3eb83778a71d2912eaab6e_JaffaCakes118
-
Size
141KB
-
MD5
8a9d2d636c3eb83778a71d2912eaab6e
-
SHA1
2df18d58f2ee33b15ee38eae2120110db9235377
-
SHA256
d4594268a88e3240b8a3798b395f95af67d53eae1f58828df6e105dd655864c5
-
SHA512
35176a61fafd73d9440769d26274cc42c94ce7d319a90f011ef9d073bbb16d815d98d36afb26ffd74cedf788bb1ba9083f318a13d1af424514f707b069e375f2
-
SSDEEP
1536:4qTPSrAkdxOz/UY1pDC3iFA/cZ2IKpIPHvaSq/yiU/GOao8sCnEMvDY7hfhUxdcm:XT6k+2X3DASA/9IZPaPsaEMryqWxF7O
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1