General
- Target: b2537bd00585ae2d60c717c6712be8eb_JaffaCakes118
- Size: 36KB
- Sample: 240821-glxnaasfrd
- MD5: b2537bd00585ae2d60c717c6712be8eb
- SHA1: f5e499f7559e59c76e6a83a691b1e65965fb1aa4
- SHA256: b5efa74506a9cc9aa6f2f7234989edac808ffbcb35eb196815bc88bb1e8c7716
- SHA512: 36d346de5aab25c3c3399dd647527991e01e6bceeb255c4b1f1b38045daa9039033d4e5e034d9d9b33bc70766279bab8f5e5d2b3bc4a1cea78d4b2d2430b09c5
- SSDEEP: 768:WxjWWrXbIDTLPTQGGAnGGXkDGGeGGGGGNGGRHJARGGGGGGGGGGGGGGGGGGGGGGGK:Wxj9bsTPQGGeGGXkDGGeGGGGGNGGRHJm
Static task
- static1

Behavioral task
- behavioral1
  Sample: b2537bd00585ae2d60c717c6712be8eb_JaffaCakes118.exe
  Resource: win7-20240708-en

Behavioral task
- behavioral2
  Sample: b2537bd00585ae2d60c717c6712be8eb_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config

Targets
- Target: b2537bd00585ae2d60c717c6712be8eb_JaffaCakes118
- Size: 36KB
- MD5: b2537bd00585ae2d60c717c6712be8eb
- SHA1: f5e499f7559e59c76e6a83a691b1e65965fb1aa4
- SHA256: b5efa74506a9cc9aa6f2f7234989edac808ffbcb35eb196815bc88bb1e8c7716
- SHA512: 36d346de5aab25c3c3399dd647527991e01e6bceeb255c4b1f1b38045daa9039033d4e5e034d9d9b33bc70766279bab8f5e5d2b3bc4a1cea78d4b2d2430b09c5
- SSDEEP: 768:WxjWWrXbIDTLPTQGGAnGGXkDGGeGGGGGNGGRHJARGGGGGGGGGGGGGGGGGGGGGGGK:Wxj9bsTPQGGeGGXkDGGeGGGGGNGGRHJm

Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Modifies Windows Firewall
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)