General
- Target: b1ac4188ff7db6a842881b51614ffd9d_JaffaCakes118
- Size: 106KB
- Sample: 240821-b5xjqsxgln
- MD5: b1ac4188ff7db6a842881b51614ffd9d
- SHA1: 014adc2629a32bc0554235320ee5e18066a49bb4
- SHA256: 95609aab540ea2f816056310e876a2b1e7d69260eedee72eff3aa347f3962d73
- SHA512: b18426488f2ff5c901bb6f5589e640a04e779d777900776ba1d3b75273c47604fcee1f95841def9a75dca8d3a0cf91c22f78d09ee727e397f10d1ed714c750b5
- SSDEEP: 768:3LPXgEVU3PqRAGCmQRbUHj0tUlBlBlBlBlBlBlBlBlBllAb07AI:bPXHS/GCmQpUQtc
Static task
- static1
Behavioral task
- behavioral1: Sample b1ac4188ff7db6a842881b51614ffd9d_JaffaCakes118.exe, Resource win7-20240704-en
Behavioral task
- behavioral2: Sample b1ac4188ff7db6a842881b51614ffd9d_JaffaCakes118.exe, Resource win10v2004-20240802-en
Malware Config
Targets
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to or copy of a web browser credential store.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Defense Evasion
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (4)