General
- Target: d02e40bfeaec6d8a92f1b336a5626237_JaffaCakes118
- Size: 2.6MB
- Sample: 240906-wzw18s1gmc
- MD5: d02e40bfeaec6d8a92f1b336a5626237
- SHA1: ee06e90b62584abf50c5c02b9b7624163be72a01
- SHA256: fbc5366fa03db88deb0bce0cb92784e23dc14f5f01d72abf75698273c1b034ad
- SHA512: c6de7587fcc4347cf9d75718d8463840a4b60fe2615b87ba1a0763c109e2bd8142dccf334aec5aa1ed3d6af3778a90624bcb6f16266fc0ed7b870b24392feeec
- SSDEEP: 49152:b7747b777Jf/v/eA7F/DAw/Ci1SODfOl0XcVxY/Sd58p9+fFd:b7747b777Jf3/eA7F8QcODAEcVCa58HQ
Static task
- static1

Behavioral tasks
- behavioral1: d02e40bfeaec6d8a92f1b336a5626237_JaffaCakes118.exe, run on resource win7-20240729-en
- behavioral2: d02e40bfeaec6d8a92f1b336a5626237_JaffaCakes118.exe, run on resource win10v2004-20240802-en
Malware Config
- nothing listed for this sample

Targets
- Target: d02e40bfeaec6d8a92f1b336a5626237_JaffaCakes118 (2.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values as listed under General)

Signatures
- Checks for common network interception software: looks in the registry for tools like Wireshark or Fiddler that are commonly used to analyze network activity.
- Enumerates VirtualBox registry keys: reads keys that are present on a VirtualBox guest, a common virtual-machine check.
- Blocks application from running via registry modification: adds an application to the list of disallowed applications (the Explorer DisallowRun policy).
- Drops file in Drivers directory.
- Event Triggered Execution: Image File Execution Options Injection: sets a Debugger value under Image File Execution Options, so the configured binary is started whenever the named program is launched.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL.
- Unexpected DNS network traffic destination: traffic on the DNS port to servers other than the configured DNS servers was detected.
- Adds Run key to start application.
- Checks for any installed AV software in registry.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext: often part of process hollowing or other thread-hijacking injection.
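The signatures above are pattern matches over the registry, file and network trace the sandbox recorded. As an added example (not tria.ge's own signature code), the following Python classifies constructed events against the same behaviours. The resolver address, the AV vendor key list and the event shape are assumptions made for illustration; the sample events are constructed, not taken from this report.

```python
import re
from dataclasses import dataclass

# Resolver the sandbox VM is assumed to be configured with (assumption; the report
# does not publish it). Any UDP/53 traffic to another address fires the DNS signature.
CONFIGURED_DNS = {"10.127.0.1"}

# Registry key fragments assumed to identify AV products (illustrative list, not tria.ge's).
AV_VENDORS = ("windows defender", "avast", "kaspersky", "mcafee", "symantec", "bitdefender")


@dataclass(frozen=True)
class Event:
    kind: str    # "reg_query" | "reg_set" | "file_read" | "file_write" | "udp"
    target: str  # registry value path, file or device path, or "ip:port" for udp


def _reg(path: str) -> str:
    """Lower-case a registry path and collapse hive names to their short aliases."""
    p = path.lower()
    return (p.replace("hkey_local_machine", "hklm")
             .replace("hkey_current_user", "hkcu")
             .replace("hkey_users", "hku"))


def _dns_to_other_server(e: Event) -> bool:
    """UDP to port 53 at any address other than the configured resolver."""
    if e.kind != "udp":
        return False
    ip, _, port = e.target.rpartition(":")
    return port == "53" and ip not in CONFIGURED_DNS


# Signature name from the report -> predicate over one event.
SIGNATURES = {
    "Checks for common network interception software":
        lambda e: e.kind == "reg_query" and bool(re.search(r"\\(wireshark|fiddler)", _reg(e.target))),
    "Enumerates VirtualBox registry keys":
        lambda e: e.kind == "reg_query" and bool(re.search(r"vbox|virtualbox", _reg(e.target))),
    "Blocks application from running via registry modification":
        lambda e: e.kind == "reg_set" and "\\policies\\explorer\\disallowrun\\" in _reg(e.target),
    "Event Triggered Execution: Image File Execution Options Injection":
        lambda e: e.kind == "reg_set" and bool(re.search(
            r"\\image file execution options\\[^\\]+\\debugger$", _reg(e.target))),
    "Checks computer location settings":
        lambda e: e.kind == "reg_query" and _reg(e.target).endswith("\\control panel\\international\\geo\\nation"),
    "Adds Run key to start application":
        lambda e: e.kind == "reg_set" and bool(re.search(r"\\currentversion\\run(once)?\\", _reg(e.target))),
    "Checks for any installed AV software in registry":
        lambda e: e.kind == "reg_query" and any(v in _reg(e.target) for v in AV_VENDORS),
    "Checks installed software on the system":
        lambda e: e.kind == "reg_query" and "\\currentversion\\uninstall\\" in _reg(e.target),
    "Drops file in Drivers directory":
        lambda e: e.kind == "file_write" and "\\windows\\system32\\drivers\\" in e.target.lower(),
    "Enumerates connected drives":
        lambda e: e.kind == "file_read" and bool(re.fullmatch(r"[d-z]:\\", e.target.lower())),
    "Writes to the Master Boot Record (MBR)":
        lambda e: e.kind == "file_write" and e.target.lower().startswith("\\\\.\\physicaldrive"),
    "Unexpected DNS network traffic destination": _dns_to_other_server,
}


def classify(events):
    """Return {signature name: [events that matched]} for every signature that fired."""
    hits = {}
    for ev in events:
        for name, pred in SIGNATURES.items():
            if pred(ev):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed events in the shape a sandbox trace would yield; not taken from the report.
SAMPLE_EVENTS = [
    Event("reg_query", "HKLM\\SOFTWARE\\Wireshark"),
    Event("reg_query", "HKCU\\Software\\Microsoft\\Fiddler2"),
    Event("reg_query", "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__"),
    Event("reg_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun\\1"),
    Event("reg_set", "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\taskmgr.exe\\Debugger"),
    Event("reg_query", "HKCU\\Control Panel\\International\\Geo\\Nation"),
    Event("reg_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
    Event("reg_query", "HKLM\\SOFTWARE\\Microsoft\\Windows Defender"),
    Event("reg_query", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"),
    Event("file_write", "C:\\Windows\\System32\\drivers\\netfilter.sys"),
    Event("file_read", "D:\\"),
    Event("file_write", "\\\\.\\PhysicalDrive0"),
    Event("udp", "8.8.8.8:53"),       # not the configured resolver -> unexpected
    Event("udp", "10.127.0.1:53"),    # configured resolver -> benign
    Event("reg_query", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"),  # benign
]

if __name__ == "__main__":
    for name, evs in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Each predicate is deliberately narrow (a Debugger value directly under an IFEO subkey, the DisallowRun policy path, the Geo\Nation value) so that ordinary installer activity under neighbouring keys does not fire it; the price is that a sample using a renamed hive path or a less common resolver bypass would need another pattern.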
MITRE ATT&CK Enterprise v15 (the number after each technique is the count of signatures mapped to it)

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 2
  - Image File Execution Options Injection (T1546.012): 1
  - Netsh Helper DLL (T1546.007): 1
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 2
  - Image File Execution Options Injection (T1546.012): 1
  - Netsh Helper DLL (T1546.007): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 1
  - Disable or Modify Tools (T1562.001): 1
- Modify Registry (T1112): 4
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1
- Virtualization/Sandbox Evasion (T1497): 1

Netsh Helper DLL and Bypass User Account Control appear in the mapping although the signature list above carries no entry named for them, so check the full task output before relying on those two techniques.
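The Bootkit mapping (T1542.003) and the "Writes to the Master Boot Record (MBR)" signature both describe the same artefact: a change to sector 0 of the system disk. As an added example (not part of the report), the following Python parses a 512-byte MBR, hashes the boot-code region and compares it with a baseline, so an analyst can tell a boot-code overwrite from a partition-table change. The boot-code bytes, partition layout and disk signature are constructed test data, not an image from this sample.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # classic MBR: boot code occupies bytes 0..439
DISK_SIG_OFFSET = 440      # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # bytes 510..511


def build_mbr(boot_code: bytes, partitions, disk_signature=0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors)
    tuples. Used here only to construct test sectors; a real check reads the disk."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFFSET + 16 * i
        sector[off] = status            # 0x80 = bootable
        sector[off + 4] = ptype         # partition type byte
        struct.pack_into("<II", sector, off + 8, lba_start, sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into boot-code hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:                  # type 0 marks an unused entry
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(sector: bytes, baseline: dict) -> dict:
    """Compare a sector against a baseline parse. A bootkit usually replaces only the
    boot code and leaves the partition table intact so the system still boots, so an
    unchanged table is not evidence of a clean MBR."""
    cur = parse_mbr(sector)
    return {
        "signature_ok": cur["signature_ok"],
        "boot_code_modified": cur["boot_code_sha256"] != baseline["boot_code_sha256"],
        "partition_table_modified": cur["partitions"] != baseline["partitions"],
        "disk_signature_modified": cur["disk_signature"] != baseline["disk_signature"],
    }


# Constructed sample: a stub boot-code prologue and one NTFS partition at LBA 2048.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb\xfc"
CLEAN_PARTS = [(0x80, 0x07, 2048, 204800)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, CLEAN_PARTS)
BASELINE = parse_mbr(CLEAN_MBR)

# The same disk after a bootkit-style write: the first instruction is replaced by a
# short jump (constructed), while everything from offset 440 onward is untouched.
INFECTED_MBR = build_mbr(b"\xeb\x3e" + CLEAN_BOOT_CODE[2:], CLEAN_PARTS)

if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE))
    print("infected:", check_mbr(INFECTED_MBR, BASELINE))
```

On a live Windows host the sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run with administrative rights, and the baseline from the same read taken on a known-clean image of that build; a bootkit that also relocates the original MBR to a later sector will still show as a boot-code mismatch here, but a hypervisor-level rootkit that filters the read will not.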