General
Target: bc6aa9f064fa2f19b20094c0e45d7490_JaffaCakes118
Size: 233KB
Sample: 240823-th25tatfqc
MD5: bc6aa9f064fa2f19b20094c0e45d7490
SHA1: 429aea71cd552879c9ddb925faa826f638122b7c
SHA256: cf1c4ef9459af9a64c8c309ae3b0655fa871e075c9c3a95e3b427df1fda6a945
SHA512: 9ee731df56dd4a6cd8e077f0168b26f5142db69cd2d0723d5eda2c0dd6cedd8f280c70d01ea52f58f4d86ce92e836d9752c5e7de0d66b1927b201707e282ea44
SSDEEP: 3072:dJtyL3ElLU4DUwiM7qEOZWkgygoXQ3o65suIL6+vtvBMImpK2PrUb0lrqT:dJ+H4iMO0kLgoXQ3o6xy6+vL/mkfb0F8
Static task: static1
Behavioral task: behavioral1
  Sample: bc6aa9f064fa2f19b20094c0e45d7490_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: bc6aa9f064fa2f19b20094c0e45d7490_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 8/10

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)