Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

c8fc70f58d...18.exe

windows7-x64

8

c8fc70f58d...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8fc70f58d186bc77960daa2a2396111_JaffaCakes118

  • Size

    88KB

  • Sample

    240829-rkd5nawbqc

  • MD5

    c8fc70f58d186bc77960daa2a2396111

  • SHA1

    29965681b132ef5e8aca9f299b32f65d7cd9bea0

  • SHA256

    7595260b8b810dc3884e124d49bf57a5613fbf05fed58805a39b2f0a1bec2a0a

  • SHA512

    b2ed4ef83fadfa40706d6f1800f1a9ec4ecddd5ce00e73e3fe54f283a35a56c6ca594d41fa82b510da0a67ffc2a01e339df2e1df68edf499d54b0f5bb1f684e2

  • SSDEEP

    1536:VoGyX8vr1+baP1jkjUCW8r58g+16w1jWjUC481yDMFCvJgZP1aZd3BddzyhP1aWT:VWX8vr1+baP1jkjUCW8r58g+16w1jWjC

Score
8/10
discoveryevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      c8fc70f58d186bc77960daa2a2396111_JaffaCakes118

    • Size

      88KB

    • MD5

      c8fc70f58d186bc77960daa2a2396111

    • SHA1

      29965681b132ef5e8aca9f299b32f65d7cd9bea0

    • SHA256

      7595260b8b810dc3884e124d49bf57a5613fbf05fed58805a39b2f0a1bec2a0a

    • SHA512

      b2ed4ef83fadfa40706d6f1800f1a9ec4ecddd5ce00e73e3fe54f283a35a56c6ca594d41fa82b510da0a67ffc2a01e339df2e1df68edf499d54b0f5bb1f684e2

    • SSDEEP

      1536:VoGyX8vr1+baP1jkjUCW8r58g+16w1jWjUC481yDMFCvJgZP1aZd3BddzyhP1aWT:VWX8vr1+baP1jkjUCW8r58g+16w1jWjC

    Score
    8/10
    discoveryevasionpersistencespywarestealer

    • Disables RegEdit via registry modification

      evasion

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks