Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ac5b74bde9b37320fd66c2f25281e7a4_JaffaCakes118
-
Size
60KB
-
Sample
240819-ymyqeasgph
-
MD5
ac5b74bde9b37320fd66c2f25281e7a4
-
SHA1
0a0c13ec0441ffb4c3f791cc48917efc3477d37f
-
SHA256
529a66b8d66850a28d401cc8dd77681335c39f1f0f4835a1701f3acab84836aa
-
SHA512
656ae787f908845bbca7f222583b79e43435f72d156678dff6fd94f122b06afaf3faf848f8ec1d0d87aa3aabd74c92b4d0ae43f82eae210a9cc5ae9739dc7df1
-
SSDEEP
768:2E7RUeILeOWS9st/XtDe3huf484Eu9HyClEB904/m82ojQ+yGdf:aeVtFDIRXE9d/mKM+yGZ
Malware Config
Targets
-
-
Target
ac5b74bde9b37320fd66c2f25281e7a4_JaffaCakes118
-
Size
60KB
-
MD5
ac5b74bde9b37320fd66c2f25281e7a4
-
SHA1
0a0c13ec0441ffb4c3f791cc48917efc3477d37f
-
SHA256
529a66b8d66850a28d401cc8dd77681335c39f1f0f4835a1701f3acab84836aa
-
SHA512
656ae787f908845bbca7f222583b79e43435f72d156678dff6fd94f122b06afaf3faf848f8ec1d0d87aa3aabd74c92b4d0ae43f82eae210a9cc5ae9739dc7df1
-
SSDEEP
768:2E7RUeILeOWS9st/XtDe3huf484Eu9HyClEB904/m82ojQ+yGdf:aeVtFDIRXE9d/mKM+yGZ
Score10/10-
UAC bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1