Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b32b87eb16adaa3eac40baeb8c9baaee_JaffaCakes118
-
Size
110KB
-
Sample
240821-mwgmpsxhmp
-
MD5
b32b87eb16adaa3eac40baeb8c9baaee
-
SHA1
c5dad615e845f0b354213bf0849156307e334786
-
SHA256
80de6354a52de42c89a4422c04efb7c937d096f19cc3b5a002d01c2ff722a80b
-
SHA512
58b72a053d55bd20ec097cbfe2ca3bce3adf8ec94fc395cacf5541b291920817517bfc7838a94dcf7a8302b1d40014a239b0dc0d0bea7b4e2842540a026065f7
-
SSDEEP
3072:vyOh1oxaWgoFoA2PSTCfmEvqOIx4J2vNbGfvGnd3gW5ZM4/ud:vyOvozgqJ2PSwdvGNdndPZMT
Malware Config
Targets
-
-
Target
b32b87eb16adaa3eac40baeb8c9baaee_JaffaCakes118
-
Size
110KB
-
MD5
b32b87eb16adaa3eac40baeb8c9baaee
-
SHA1
c5dad615e845f0b354213bf0849156307e334786
-
SHA256
80de6354a52de42c89a4422c04efb7c937d096f19cc3b5a002d01c2ff722a80b
-
SHA512
58b72a053d55bd20ec097cbfe2ca3bce3adf8ec94fc395cacf5541b291920817517bfc7838a94dcf7a8302b1d40014a239b0dc0d0bea7b4e2842540a026065f7
-
SSDEEP
3072:vyOh1oxaWgoFoA2PSTCfmEvqOIx4J2vNbGfvGnd3gW5ZM4/ud:vyOvozgqJ2PSwdvGNdndPZMT
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
3