Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b57f7afafc...18.exe

windows7-x64

7

b57f7afafc...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b57f7afafc40fd8ee8a0312eea4382cd_JaffaCakes118

  • Size

    154KB

  • Sample

    240821-3mg5wawhqd

  • MD5

    b57f7afafc40fd8ee8a0312eea4382cd

  • SHA1

    8ab00b5eb8607c7a04ddc881b2731728ca6a7167

  • SHA256

    f8c1c23ace9dbcc7aec6e9fe47c2dd39ceea452af5d9ba1086e85ad31e93a8c0

  • SHA512

    1a0c073d0d252302b6ec619f14f25fcf1f470854242c4c25eb9683aec8909f8e481b26df0a4d2f8148dbfba637515c78daa2a2e952dd39e60b1b1e68f34d35f2

  • SSDEEP

    3072:3+hOPTdZ/ljsHm/svxTuhaCSzaCx0MDi7sfvyEFQimi5WEpk:3QKTdnsvx6SOe0MD4sfvyyBcgk

Score
7/10
bootkitdefense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      b57f7afafc40fd8ee8a0312eea4382cd_JaffaCakes118

    • Size

      154KB

    • MD5

      b57f7afafc40fd8ee8a0312eea4382cd

    • SHA1

      8ab00b5eb8607c7a04ddc881b2731728ca6a7167

    • SHA256

      f8c1c23ace9dbcc7aec6e9fe47c2dd39ceea452af5d9ba1086e85ad31e93a8c0

    • SHA512

      1a0c073d0d252302b6ec619f14f25fcf1f470854242c4c25eb9683aec8909f8e481b26df0a4d2f8148dbfba637515c78daa2a2e952dd39e60b1b1e68f34d35f2

    • SSDEEP

      3072:3+hOPTdZ/ljsHm/svxTuhaCSzaCx0MDi7sfvyEFQimi5WEpk:3QKTdnsvx6SOe0MD4sfvyyBcgk

    Score
    7/10
    bootkitdefense_evasiondiscoverypersistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks