Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a78e3e5ddb17eaef1a376a005c16ce90_JaffaCakes118
-
Size
164KB
-
Sample
240818-vzydmavema
-
MD5
a78e3e5ddb17eaef1a376a005c16ce90
-
SHA1
b6fdc1e495f7de096ae3e638ccd76e4110fe1094
-
SHA256
ff9047d6b337e222f83b16b78674b5f55ec9a592a6dd379feb36168a9c3f57a0
-
SHA512
54404fb4f10340b08b087bc7d3a78985116f2b5db5b77f5ef080a5361b6c758b14dbc34e0a03613f4bfe04d54012119ecc918804d3499d34d0e71b8ffa7f2d58
-
SSDEEP
3072:W8lI9JuB/RVgU974KlGro2UWQRtgxC6c3ovNRdNUirqSmF7Nv5D:WJmVJ974KlGM/g46cYVWimF7hV
Static task
static1
Behavioral task
behavioral1
Sample
a78e3e5ddb17eaef1a376a005c16ce90_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a78e3e5ddb17eaef1a376a005c16ce90_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
a78e3e5ddb17eaef1a376a005c16ce90_JaffaCakes118
-
Size
164KB
-
MD5
a78e3e5ddb17eaef1a376a005c16ce90
-
SHA1
b6fdc1e495f7de096ae3e638ccd76e4110fe1094
-
SHA256
ff9047d6b337e222f83b16b78674b5f55ec9a592a6dd379feb36168a9c3f57a0
-
SHA512
54404fb4f10340b08b087bc7d3a78985116f2b5db5b77f5ef080a5361b6c758b14dbc34e0a03613f4bfe04d54012119ecc918804d3499d34d0e71b8ffa7f2d58
-
SSDEEP
3072:W8lI9JuB/RVgU974KlGro2UWQRtgxC6c3ovNRdNUirqSmF7Nv5D:WJmVJ974KlGM/g46cYVWimF7hV
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1