Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dd1c56f48b...18.exe

windows7-x64

7

dd1c56f48b...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd1c56f48b4c085f72e4461e8887d2b6_JaffaCakes118

  • Size

    91KB

  • Sample

    240912-1nxwlswgkp

  • MD5

    dd1c56f48b4c085f72e4461e8887d2b6

  • SHA1

    c5448e37a799ba30ba50f7b533e5fafe56a5c311

  • SHA256

    317a8c0d5c7125c48a31b968245c20dbe73387e1a660231022f967819c0df385

  • SHA512

    d6c7368bc613cc59b51754a99702f7172dfdcbf8eb0845c5d37b73235586e9e93944e9fcd6c6530bf9c4d351e1d3823bd6522894ff359a032890700875e0fff9

  • SSDEEP

    1536:4SSS+7f0OYCciVcnhhfN8WFHevNj2g8m0ixW2IMjSO53Sb6qZu4:4B3MLxZnH18OHG2w0avtSy3M6qZu4

Score
7/10
bootkitdefense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      dd1c56f48b4c085f72e4461e8887d2b6_JaffaCakes118

    • Size

      91KB

    • MD5

      dd1c56f48b4c085f72e4461e8887d2b6

    • SHA1

      c5448e37a799ba30ba50f7b533e5fafe56a5c311

    • SHA256

      317a8c0d5c7125c48a31b968245c20dbe73387e1a660231022f967819c0df385

    • SHA512

      d6c7368bc613cc59b51754a99702f7172dfdcbf8eb0845c5d37b73235586e9e93944e9fcd6c6530bf9c4d351e1d3823bd6522894ff359a032890700875e0fff9

    • SSDEEP

      1536:4SSS+7f0OYCciVcnhhfN8WFHevNj2g8m0ixW2IMjSO53Sb6qZu4:4B3MLxZnH18OHG2w0avtSy3M6qZu4

    Score
    7/10
    bootkitdefense_evasiondiscoverypersistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks