General
Target: b7cbf5f879ed0aaac5968be4d6d01c71_JaffaCakes118
Size: 156KB
Sample: 240822-qmf7cssalp
MD5: b7cbf5f879ed0aaac5968be4d6d01c71
SHA1: 9c7c21e74976338fe28b8fe8ada8f566604554db
SHA256: f18f7d106e180317dded536bc89c2f9ab594c93ceadad9be47df00e0865ff824
SHA512: 650f239a12d5ff624de528940eee823b61561fb4569b78f19e286178b352f7aab83488efec3e2fa24399ae230d429a9d6480acbc9ed6b89be3e13f4765f21e58
SSDEEP: 384:KzZgubkc7owyRaeV74Rf5tTOHqpLoPo9RAp3qYjVOcGJi92pIHOIpHVQyBT5B:sgskZZRD94bRoVqYQ0OPIJVl5B
Static task: static1
Behavioral task: behavioral1
Sample: b7cbf5f879ed0aaac5968be4d6d01c71_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: b7cbf5f879ed0aaac5968be4d6d01c71_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b7cbf5f879ed0aaac5968be4d6d01c71_JaffaCakes118
Score: 10/10
Modifies visibility of file extensions in Explorer
Disables RegEdit via registry modification
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (3)