Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ba652f3266a882ed48f80e320ac78bfd_JaffaCakes118
-
Size
200KB
-
Sample
240823-fas1aayamm
-
MD5
ba652f3266a882ed48f80e320ac78bfd
-
SHA1
97d7cc36c0bc78dd95363f691fd85fa44d5a5c7e
-
SHA256
d5af8787376f7efc104d75f99099cda61ea639c5c757a2a4cf6b65efda83d193
-
SHA512
38cf54a46ac276389b6e5dcbdbca5df33b34c287b92f0b6f8a115e6b1ec497a70cb7cfe45bc64a9993fa24a7512172ec442780df32b8eee6894c38e2e96e1c08
-
SSDEEP
6144:vmZp9qpWymPBeaSAOJ+7xi5eRed63qaCR8nIBKf:ORGLmPBeaSAOJ+7xi5eRed63qaCO
Static task
static1
Behavioral task
behavioral1
Sample
ba652f3266a882ed48f80e320ac78bfd_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ba652f3266a882ed48f80e320ac78bfd_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
ba652f3266a882ed48f80e320ac78bfd_JaffaCakes118
-
Size
200KB
-
MD5
ba652f3266a882ed48f80e320ac78bfd
-
SHA1
97d7cc36c0bc78dd95363f691fd85fa44d5a5c7e
-
SHA256
d5af8787376f7efc104d75f99099cda61ea639c5c757a2a4cf6b65efda83d193
-
SHA512
38cf54a46ac276389b6e5dcbdbca5df33b34c287b92f0b6f8a115e6b1ec497a70cb7cfe45bc64a9993fa24a7512172ec442780df32b8eee6894c38e2e96e1c08
-
SSDEEP
6144:vmZp9qpWymPBeaSAOJ+7xi5eRed63qaCR8nIBKf:ORGLmPBeaSAOJ+7xi5eRed63qaCO
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2