General

  • Target

    df4a9f5ee46bc52a7bb2b74b40d63f91_JaffaCakes118

  • Size

    38KB

  • Sample

    240914-cga69s1eml

  • MD5

    df4a9f5ee46bc52a7bb2b74b40d63f91

  • SHA1

    3be6099b9d200248af319c16b0a310e091ff3cec

  • SHA256

    b409b74d07d372f2d645ffe3aee93b25ec04fac6e16bbd3a5c15c9ede5e0f4ba

  • SHA512

    855455a548f08c32ce2153e9ca14353c0874623e90e9dc6045dd1bb23bf5de99759384c33d6e76e7aca69f386e0f10ff3a40ea6f985346cea1e1fd2256e9961f

  • SSDEEP

    384:Ohu//BkfGN15yrdjI+cRy2APBsLf45kSyf8K7MPZv9TwhMJqILDU0jMK2X3lyq4Y:bBkeNeXdt5ADCwSqab2Xd4Y/ik

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    tamereenshort2

Targets

    • Target

      df4a9f5ee46bc52a7bb2b74b40d63f91_JaffaCakes118

    • Modifies WinLogon for persistence

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks