Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dc4a53a61e55064647ede6ff07b3bd6d_JaffaCakes118
-
Size
271KB
-
Sample
240912-ppa8fsvdme
-
MD5
dc4a53a61e55064647ede6ff07b3bd6d
-
SHA1
4befd4a35e8b9e613f406c62017e34e51fbddf51
-
SHA256
496b4b8659f199ff0114624c37e926359175dacc10df3a533643988f2f79b673
-
SHA512
9b74000de07e85184c0a2801016cdbff278725186a3e5e85078aa59e6573d8c62b9161f2ed9e1b69498e9aef094b4d056c76b167e276fe5712328cfcfd22a225
-
SSDEEP
6144:+7VB+Pfl2OkSCt47sRjvD1tXaP1o6R7DRGPNv:kMcOkssRjZsdoKlq
Malware Config
Targets
-
-
Target
dc4a53a61e55064647ede6ff07b3bd6d_JaffaCakes118
-
Size
271KB
-
MD5
dc4a53a61e55064647ede6ff07b3bd6d
-
SHA1
4befd4a35e8b9e613f406c62017e34e51fbddf51
-
SHA256
496b4b8659f199ff0114624c37e926359175dacc10df3a533643988f2f79b673
-
SHA512
9b74000de07e85184c0a2801016cdbff278725186a3e5e85078aa59e6573d8c62b9161f2ed9e1b69498e9aef094b4d056c76b167e276fe5712328cfcfd22a225
-
SSDEEP
6144:+7VB+Pfl2OkSCt47sRjvD1tXaP1o6R7DRGPNv:kMcOkssRjZsdoKlq
Score10/10-
Modifies WinLogon for persistence
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1