Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: b589782559a76bcaf54515e56e6ce7f3_JaffaCakes118
Size: 2.1MB
Sample: 240821-3wljnaxcpa
MD5: b589782559a76bcaf54515e56e6ce7f3
SHA1: 9d3ba2c1fc4bbac9f10ac970b091e801bfaec741
SHA256: 44c393ea107112edffed5fe9313c24a97fa0a89469695eda829158bba13c8e9f
SHA512: 82c75702d29f62931c51db873028dafa8d51ace6d5a08bd0d95dd2d81db4ce666766f700c5e9fdc07f7b59a787dbd97c1083fcf8d6f600cc02531c7999720d89
SSDEEP: 49152:SMTs/sLwsKbpkerf75VC9NBR4RJlL9vCg0wI8mRKO:RTs0ksKbu2ChRuHtCV
Behavioral task
behavioral1
Sample: b589782559a76bcaf54515e56e6ce7f3_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
No entries listed.
Targets
Target: b589782559a76bcaf54515e56e6ce7f3_JaffaCakes118 (2.1MB; the same file as under General, with identical MD5, SHA1, SHA256, SHA512 and SSDEEP values)
Score: 7/10
Signatures
Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment. Looking for Wine-specific registry keys is a sandbox-detection check: a sample that finds them may change or stop its behaviour, so results from a Wine-based sandbox can differ from those on a real Windows host.
Adds Run key to start application
The sample registers itself under a Registry Run key so that it is launched again at logon (the Registry Run Keys / Startup Folder mapping below). The report does not show the exact key or value that was written.
Modifies WinLogon
The sample changes values under the Winlogon key, which Windows consults at logon to decide which shell and helper programs to load; this is a second, less common autostart location (the Winlogon Helper DLL mapping below). The specific value is not shown in the report.
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events for that thread from being delivered to an attached debugger. It is an anti-analysis technique with few legitimate uses, and a strong hint that the sample should be examined with a debugger that handles this class or in an instrumented sandbox rather than a stock debugger.
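As an added example (not part of the tria.ge report and not the sample's own code), the read-only PowerShell script below checks a Windows host for the autostart and sandbox-marker locations that the signatures above refer to. The registry paths, the expected Winlogon defaults for a C: install, and the HKCU\Software\Wine marker are the standard locations for these techniques, assumed here because the report does not list which keys the sample actually touched; the function name Get-AutostartFindings is ours.

```powershell
# Added example: read-only host triage for the locations behind the signatures
# "Adds Run key to start application", "Modifies WinLogon" and
# "Identifies Wine through registry keys". Not tria.ge tooling; the exact keys
# the sample wrote are not in the report, so standard locations are assumed.

function Get-AutostartFindings {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    # T1547.001 - Registry Run Keys: every value here is an autostart entry.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            $findings.Add([pscustomobject]@{
                Technique = 'T1547.001'
                Location  = "$key\$($p.Name)"
                Value     = $p.Value
                Note      = 'Run-key autostart entry; verify the binary is expected'
            })
        }
    }

    # T1547.004 - Winlogon Helper: Shell and Userinit have fixed defaults on a
    # clean host (assumed C: install); anything appended runs at every logon.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $defaults = @{
        Shell    = 'explorer.exe'
        Userinit = 'C:\Windows\system32\userinit.exe,'
    }
    $wl = Get-ItemProperty -Path $winlogon
    foreach ($name in $defaults.Keys) {
        $actual = [string]$wl.$name
        if ($actual -and ($actual.Trim() -ne $defaults[$name])) {
            $findings.Add([pscustomobject]@{
                Technique = 'T1547.004'
                Location  = "$winlogon\$name"
                Value     = $actual
                Note      = "expected '$($defaults[$name])'"
            })
        }
    }
    # A per-user Shell override is never present on a clean host.
    $hkcuWinlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if (Test-Path -Path $hkcuWinlogon) {
        $userShell = (Get-ItemProperty -Path $hkcuWinlogon -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($userShell) {
            $findings.Add([pscustomobject]@{
                Technique = 'T1547.004'
                Location  = "$hkcuWinlogon\Shell"
                Value     = $userShell
                Note      = 'per-user Winlogon Shell override'
            })
        }
    }

    # Wine sandbox marker: Wine populates HKCU\Software\Wine inside its prefix.
    # The sample checks for such keys to decide whether it is sandboxed, so a
    # hit here is a property of the analysis host, not an infection.
    $wineKey = 'HKCU:\Software\Wine'
    if (Test-Path -Path $wineKey) {
        $findings.Add([pscustomobject]@{
            Technique = 'sandbox-detection'
            Location  = $wineKey
            Value     = 'present'
            Note      = 'Wine registry key exists; the sample would identify this host as Wine'
        })
    }

    return $findings
}

# Usage: run from an elevated prompt so the HKLM reads are complete.
Get-AutostartFindings | Format-Table -AutoSize
```

Every Run-key entry is reported, so the output on a real machine is a list to review rather than a verdict; the Winlogon and Wine rows are the ones that should be empty on a clean Windows host. The NtSetInformationThread signature is a runtime behaviour, not a registry artifact, and is not covered by this script.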
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
The numbers are signature hit counts; the technique total is the sum of its two sub-techniques. The same two autostart signatures appear under both tactics because ATT&CK lists T1547 under both Persistence and Privilege Escalation.