Windows 7 deprecation: Windows 7 will be removed from tria.ge on 2025-03-31.
General
- Target: c15eeb848d230e98f13ac3287e4e4916_JaffaCakes118
- Size: 664KB
- Sample: 240825-xlqsqs1cpk
- MD5: c15eeb848d230e98f13ac3287e4e4916
- SHA1: d8f86e0f9cf3f899cf0a47809032e8afbf1b68b6
- SHA256: 7245a682dc36a935bea6b6f28595e9f77c06ae2f61aee4bc3032ff3976097503
- SHA512: cf9750db73f185818ba8a75a055c2d8137a9733858e06ed8a278a759fd878b4ac630ff28cabbc2dc455fbfdac2f357294494ab80b0e9878a49671e1b907ef722
- SSDEEP: 12288:pDUe7v5RR/+YvID93ot1eQqZcR//BwUS+/CRTAoaj:yeLzR/+a6ot1efZcd/+LRTAz
Static task
- static1

Behavioral tasks
- behavioral1: sample c15eeb848d230e98f13ac3287e4e4916_JaffaCakes118.exe, resource win7-20240704-en
- behavioral2: sample c15eeb848d230e98f13ac3287e4e4916_JaffaCakes118.exe, resource win10v2004-20240802-en
Malware Config

Targets
- Target: c15eeb848d230e98f13ac3287e4e4916_JaffaCakes118 (664KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10

Signatures
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)