General
Target: a1d12749c3a445f9393c28d9ef398601_JaffaCakes118
Size: 500KB
Sample: 240817-j8qjlaygmk
MD5: a1d12749c3a445f9393c28d9ef398601
SHA1: af107688fb96027dc74b2d44070f7fa9d5729af1
SHA256: 777ebce5c12dad3e68e572bfda63c887c9046769d8677ba150f6c2099b3eddc5
SHA512: 1139b402a1612a0931f13d811401b2e6a42a3826dfe0b078d968e92e531c0567e74d710f3f7ef8c51e52a6cadd1535924d9e5a4003a3377c6c87fda3c9876ce0
SSDEEP: 12288:Ge4IKQ7VTVeBANiEYA9i5gdCZQ3True/6/:Ge4IL7beBANiDgsFZQ3T
Static task: static1
Behavioral task: behavioral1
Sample: a1d12749c3a445f9393c28d9ef398601_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a1d12749c3a445f9393c28d9ef398601_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: a1d12749c3a445f9393c28d9ef398601_JaffaCakes118
Score: 10/10
- Modifies firewall policy service
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Active Setup (1)
- Create or Modify System Process (1)
- Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Active Setup (1)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Impair Defenses (1)
- Disable or Modify System Firewall (1)
- Modify Registry (2)