Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b1cce33ae6...18.exe

windows7-x64

3

b1cce33ae6...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1cce33ae6c2bb12b0419542130f7b4a_JaffaCakes118

  • Size

    53KB

  • Sample

    240821-c2nm4awcrf

  • MD5

    b1cce33ae6c2bb12b0419542130f7b4a

  • SHA1

    4de465ed697f110b01143e1de930ee12b6504656

  • SHA256

    619c4de8ca2ab491a7d2507f336983434c5d003792794aa1cc04719e93b21623

  • SHA512

    359ef30f697c3c6cbea44b0dc3a74f5fc929f28af7d85318e5b8cc367f32a8afb9b9e81d0350e0d007e434200257172503eeaf23cf70aa93002901c5cea63b32

  • SSDEEP

    1536:DISr7PZWFsglcJ4fc4m/b7Cfb7unp9sx0:DF/ZGsgWSSDwip9s6

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      b1cce33ae6c2bb12b0419542130f7b4a_JaffaCakes118

    • Size

      53KB

    • MD5

      b1cce33ae6c2bb12b0419542130f7b4a

    • SHA1

      4de465ed697f110b01143e1de930ee12b6504656

    • SHA256

      619c4de8ca2ab491a7d2507f336983434c5d003792794aa1cc04719e93b21623

    • SHA512

      359ef30f697c3c6cbea44b0dc3a74f5fc929f28af7d85318e5b8cc367f32a8afb9b9e81d0350e0d007e434200257172503eeaf23cf70aa93002901c5cea63b32

    • SSDEEP

      1536:DISr7PZWFsglcJ4fc4m/b7Cfb7unp9sx0:DF/ZGsgWSSDwip9s6

    Score
    10/10
    discoveryevasionpersistence

    • Modifies firewall policy service

      evasion

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Tasks