Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a14124a3f85e4b827de7fc26f3f8a486_JaffaCakes118
-
Size
236KB
-
Sample
240817-ffn9aaxhnd
-
MD5
a14124a3f85e4b827de7fc26f3f8a486
-
SHA1
297681b8de6ba22ddadae836772f41126565dc77
-
SHA256
1f3f62f463864cf4ed2d35f3d2b2d3ed1cf6a38c206bf19b5f3227496a4eb19f
-
SHA512
c4eff1395ff4321a09791f8581f0e86f2d72ce968a3da779ab9ce94f70b2e0ab830d340a10993fa0d3e241326269f021f78223e8ce4e5cd81d88b735b7ebdebd
-
SSDEEP
6144:hZiKocSHVJgztFoJqu4rspWcDXH4xU38PYuHSnzvQ/+:ijbHV2ZspbDXYxq8wuMzvV
Static task
static1
Behavioral task
behavioral1
Sample
a14124a3f85e4b827de7fc26f3f8a486_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a14124a3f85e4b827de7fc26f3f8a486_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
a14124a3f85e4b827de7fc26f3f8a486_JaffaCakes118
-
Size
236KB
-
MD5
a14124a3f85e4b827de7fc26f3f8a486
-
SHA1
297681b8de6ba22ddadae836772f41126565dc77
-
SHA256
1f3f62f463864cf4ed2d35f3d2b2d3ed1cf6a38c206bf19b5f3227496a4eb19f
-
SHA512
c4eff1395ff4321a09791f8581f0e86f2d72ce968a3da779ab9ce94f70b2e0ab830d340a10993fa0d3e241326269f021f78223e8ce4e5cd81d88b735b7ebdebd
-
SSDEEP
6144:hZiKocSHVJgztFoJqu4rspWcDXH4xU38PYuHSnzvQ/+:ijbHV2ZspbDXYxq8wuMzvV
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1