General
Target: 9fe5812c2ee169e13316df40bbf4ba11_JaffaCakes118
Size: 388KB
Sample: 240816-zpnhwszenq
MD5: 9fe5812c2ee169e13316df40bbf4ba11
SHA1: 0c09b18437830a1729060e1850205582ad60d742
SHA256: ae967af74a3f23be8db8b24143231e4534d683522133d6d5e8f7c02ef808a2f1
SHA512: 2f18689e92103cba8386568464397be7405d2e88126307ceb4292473c9a09e424a92bfc909cd0c580ecc6e5f4344302da7d0a25f5be807a71f612262f9137dc4
SSDEEP: 6144:ZdbELf/MR/cWdi5pV/JNWOVhMUVbELf/MR/J:PdOpNX1h
Static task: static1
Behavioral task: behavioral1
  Sample: 9fe5812c2ee169e13316df40bbf4ba11_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 9fe5812c2ee169e13316df40bbf4ba11_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 9fe5812c2ee169e13316df40bbf4ba11_JaffaCakes118
Score: 10/10
Modifies firewall policy service
Modifies visibility of file extensions in Explorer
Modifies visibility of hidden/system files in Explorer
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (4)