General
Target: aeca5eab2ab43e3904c8aaefc5f3bf51_JaffaCakes118
Size: 4.5MB
Sample: 240820-l1r4kazcml
MD5: aeca5eab2ab43e3904c8aaefc5f3bf51
SHA1: f1a6e524d1a11dac6e45b9b22fd7c9b3c80a3184
SHA256: 4c90087f2a3773da6000a9110dd4485ce1d95ca86b64468b5fb6e938754ab0a6
SHA512: 0131665fd8c867afd76f5ecf2250718e7a9570caf812352048ed75370facb5d336931266d3c1aabe2ed004e6b2a5ca3f0c5acf67fa5bf9afc084297065e58089
SSDEEP: 98304:ErKBdVbVlCVF9RAgbcowBg8EmX5oxGOue+snXUzfViw:TBdVBlCVLRAgIoR8ES6ajsnEbViw
Behavioral task: behavioral1
Sample: aeca5eab2ab43e3904c8aaefc5f3bf51_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Targets
Target: aeca5eab2ab43e3904c8aaefc5f3bf51_JaffaCakes118
Score: 7/10
Identifies Wine through registry keys
    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Adds Run key to start application
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger