Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8aa1cfb4122c71c0684e82c3749b1da4_JaffaCakes118
-
Size
336KB
-
Sample
240811-q94k6ssejm
-
MD5
8aa1cfb4122c71c0684e82c3749b1da4
-
SHA1
940eccf8c2c708513b4b7d1ff00a9c475c0aefd2
-
SHA256
ef2a69935322c5db3ce2559c176528fe8ebae0e3a5d87a69cf3a5d0d36fec55d
-
SHA512
2c34de9c0f0301ffcf22c247775e70b9ace16d5c3943510d0ff6de95d1be8f994d0b00cf0e394405eaa6ef57c77ecd9c74d1885d1cf5c7d4c27f6521fcc0e11c
-
SSDEEP
6144:pk+TvfDzsyocDrVcADoCCx76s4H9/7yK/ylkN/pkT:+UNaA0CCx76s4d/7Zylq
Malware Config
Targets
-
-
Target
8aa1cfb4122c71c0684e82c3749b1da4_JaffaCakes118
-
Size
336KB
-
MD5
8aa1cfb4122c71c0684e82c3749b1da4
-
SHA1
940eccf8c2c708513b4b7d1ff00a9c475c0aefd2
-
SHA256
ef2a69935322c5db3ce2559c176528fe8ebae0e3a5d87a69cf3a5d0d36fec55d
-
SHA512
2c34de9c0f0301ffcf22c247775e70b9ace16d5c3943510d0ff6de95d1be8f994d0b00cf0e394405eaa6ef57c77ecd9c74d1885d1cf5c7d4c27f6521fcc0e11c
-
SSDEEP
6144:pk+TvfDzsyocDrVcADoCCx76s4H9/7yK/ylkN/pkT:+UNaA0CCx76s4d/7Zylq
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables taskbar notifications via registry modification
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1