General
Target: a9e408ec9abbfdac7f963643923f2a5f_JaffaCakes118
Size: 185KB
Sample: 240819-gw3x2syaqe
MD5: a9e408ec9abbfdac7f963643923f2a5f
SHA1: cce3f30db965a960dff9281a61a278c0aaa50a8a
SHA256: f90b08d3b88747529a8f499e5e7b0830e4a00ffae737bf5d68fbd37a3447c420
SHA512: 3924d5ad35a355100d1df8487bb043cf7293e3793bdd3f9ea2441e155622b7d528b98cf5793413f5131846c5e7a7ab6308713295d20ed82ff6e929845b58c150
SSDEEP: 3072:EamFnQYUM6m3SP2sVSdEnfWZN3cbgonk9sX1qalYuhLJNdjQVVTuP5J85Vi9iqVv:Eazq3aipalYuhoao5sQkzz
Behavioral task: behavioral1
Sample: a9e408ec9abbfdac7f963643923f2a5f_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Targets
-
Manipulates Digital Signatures
Attackers can use techniques such as changing the Authenticode and Cryptography registry keys to make their binary appear valid.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-