Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a4bdcefd97821332f39852f00b54a742_JaffaCakes118
-
Size
436KB
-
Sample
240818-a3d4yawdkb
-
MD5
a4bdcefd97821332f39852f00b54a742
-
SHA1
81018ef6ef0a11412b029524d865ae36ab6d3b91
-
SHA256
d81b77c97e07449962abea2cf2b939fd58baf0428310be72d8e7654722b4dcc2
-
SHA512
243e49ce01c56ee1a9eeb6824712044eb81f88a3dc199b408edb32b99534d5b45f29687586ac0ae2bec1acea9d0ac1fe2188d29227638f386e527cf49456fe73
-
SSDEEP
6144:BpPDCOkXvBftF2WKcxQIop4T6jjtmUIM9n8xrF50uZPpvEoFuK/w:fCVZftAZcxtT62bbDvEU
Malware Config
Targets
-
-
Target
a4bdcefd97821332f39852f00b54a742_JaffaCakes118
-
Size
436KB
-
MD5
a4bdcefd97821332f39852f00b54a742
-
SHA1
81018ef6ef0a11412b029524d865ae36ab6d3b91
-
SHA256
d81b77c97e07449962abea2cf2b939fd58baf0428310be72d8e7654722b4dcc2
-
SHA512
243e49ce01c56ee1a9eeb6824712044eb81f88a3dc199b408edb32b99534d5b45f29687586ac0ae2bec1acea9d0ac1fe2188d29227638f386e527cf49456fe73
-
SSDEEP
6144:BpPDCOkXvBftF2WKcxQIop4T6jjtmUIM9n8xrF50uZPpvEoFuK/w:fCVZftAZcxtT62bbDvEU
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1