Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d01067729fa1115d8d5bbf38b3f4ec3d_JaffaCakes118
-
Size
1.9MB
-
Sample
240906-vx6bfsyhjc
-
MD5
d01067729fa1115d8d5bbf38b3f4ec3d
-
SHA1
d7cfbdea47d7fb75ee250fb67fe4c3b42c4ce98c
-
SHA256
17e3cd4e87366dd49b48163a452dd8e3e850a52131673fcc275cf460fa199eaa
-
SHA512
bc035368f0584a8179e63e7cf3c1cd2e5f7dc2a02c8b2ce4921c9ea215f99904dd090f7a171aad3d596dc0f61147a1f7dfb83bbe69fc9df79239fb0a11740031
-
SSDEEP
12288:RFfwcHcu8pMkZ3Fn9d+Vd3SUZ+7EeI1x7f7V3+hT6DaRWz58kc+1xy8SyGU4lD1:RJcu8pl9d+VdCUhN1SsNK+1pSyx4/
Static task
static1
Behavioral task
behavioral1
Sample
d01067729fa1115d8d5bbf38b3f4ec3d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d01067729fa1115d8d5bbf38b3f4ec3d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
d01067729fa1115d8d5bbf38b3f4ec3d_JaffaCakes118
-
Size
1.9MB
-
MD5
d01067729fa1115d8d5bbf38b3f4ec3d
-
SHA1
d7cfbdea47d7fb75ee250fb67fe4c3b42c4ce98c
-
SHA256
17e3cd4e87366dd49b48163a452dd8e3e850a52131673fcc275cf460fa199eaa
-
SHA512
bc035368f0584a8179e63e7cf3c1cd2e5f7dc2a02c8b2ce4921c9ea215f99904dd090f7a171aad3d596dc0f61147a1f7dfb83bbe69fc9df79239fb0a11740031
-
SSDEEP
12288:RFfwcHcu8pMkZ3Fn9d+Vd3SUZ+7EeI1x7f7V3+hT6DaRWz58kc+1xy8SyGU4lD1:RJcu8pl9d+VdCUhN1SsNK+1pSyx4/
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2