Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b235bee6984b3b7f0a09136298f47906_JaffaCakes118
-
Size
2.5MB
-
Sample
240821-fvmn1avenr
-
MD5
b235bee6984b3b7f0a09136298f47906
-
SHA1
4a1764431de85817bffd41211d85eb51868fc68a
-
SHA256
5ea576f09b0659c490e899c6a6ccc75fc41667b577416dc3c5b09a091645ef81
-
SHA512
2df9a89746bfaf4d8d06d634024e3313d0e753b08bd29129a6399fa193ced3869094621b419a07ce3617672ca5a6a30cf50082a73954a4622801ce5f287fb41c
-
SSDEEP
49152:9UQcu/vMKA1e5m92Vz2e9ueEjXZIdXzfCeOLXWiFPHW9ih1:9US/EKA1e5+2V96XmdDILxP0ih1
Malware Config
Targets
-
-
Target
b235bee6984b3b7f0a09136298f47906_JaffaCakes118
-
Size
2.5MB
-
MD5
b235bee6984b3b7f0a09136298f47906
-
SHA1
4a1764431de85817bffd41211d85eb51868fc68a
-
SHA256
5ea576f09b0659c490e899c6a6ccc75fc41667b577416dc3c5b09a091645ef81
-
SHA512
2df9a89746bfaf4d8d06d634024e3313d0e753b08bd29129a6399fa193ced3869094621b419a07ce3617672ca5a6a30cf50082a73954a4622801ce5f287fb41c
-
SSDEEP
49152:9UQcu/vMKA1e5m92Vz2e9ueEjXZIdXzfCeOLXWiFPHW9ih1:9US/EKA1e5+2V96XmdDILxP0ih1
Score8/10-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Drops file in System32 directory
-