General

- Target: ddea291496e6fe6bb2739c666ea1876f_JaffaCakes118
- Size: 58KB
- Sample: 240913-hvt47a1bne
- MD5: ddea291496e6fe6bb2739c666ea1876f
- SHA1: 47e323dd16280e1ade512094c82ef33210342475
- SHA256: 44244177bebc0306e23721806059a64989be421960744c800693c99cb02b82c5
- SHA512: c4895a63a80f642a4cc6ca164ed755d6a77f55db29502959ff89a2170e36faafc12b2f8bef4516b9e16197aeea739dcb18ceca00a7a2d66383604dfb6e269338
- SSDEEP: 768:MdICxZk/89MpVT7woQJcW/bnqC03T/yEwSndA/zJmnPi3Jnj:MTYd5QJc/vaSybs4
Static task

- static1

Behavioral task

- behavioral1
  - Sample: ddea291496e6fe6bb2739c666ea1876f_JaffaCakes118.exe
  - Resource: win7-20240708-en

Behavioral task

- behavioral2
  - Sample: ddea291496e6fe6bb2739c666ea1876f_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config

Targets

- Target: ddea291496e6fe6bb2739c666ea1876f_JaffaCakes118
Score: 9/10

Signatures

- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, the web browser credential store.
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15

Credential Access

- Credentials from Password Stores: 2
  - Credentials from Web Browsers: 1
  - Windows Credential Manager: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1

Discovery

- Browser Information Discovery: 1
- Network Service Discovery: 1
- Network Share Discovery: 1
- Peripheral Device Discovery: 1
- Permission Groups Discovery: 1
  - Local Groups: 1
- Process Discovery: 1
- Query Registry: 1
- Remote System Discovery: 2
- System Information Discovery: 3
- System Location Discovery: 1
  - System Language Discovery: 1
- System Network Configuration Discovery: 1
  - Internet Connection Discovery: 1
- System Network Connections Discovery: 1