Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

e08513bc1b...18.exe

windows7-x64

8

e08513bc1b...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e08513bc1b6ae670a7eebe8ea5280f28_JaffaCakes118

  • Size

    3.0MB

  • Sample

    240914-tcgxpaseqe

  • MD5

    e08513bc1b6ae670a7eebe8ea5280f28

  • SHA1

    38857f477aefcc84ce49c4898ecbd4cc8749019b

  • SHA256

    47e699a6f933ed28b3cff662c3c026ea20c3cf67734ff04460069930245da411

  • SHA512

    db91ed08e9780dc529e5174c869dc1b70c9784d49f9dc64b33cf23474b0ff7f09e958896875c169a0ff47b2ef9f7c0828503b0810fea600360f0d0adddaacb9f

  • SSDEEP

    98304:4YiM416F32BF8HTzTjXuqODWXRNFsGZHLdLBzp9:4YSU32BF8jjeVsRNFsGZHLJ

Score
8/10
discoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      e08513bc1b6ae670a7eebe8ea5280f28_JaffaCakes118

    • Size

      3.0MB

    • MD5

      e08513bc1b6ae670a7eebe8ea5280f28

    • SHA1

      38857f477aefcc84ce49c4898ecbd4cc8749019b

    • SHA256

      47e699a6f933ed28b3cff662c3c026ea20c3cf67734ff04460069930245da411

    • SHA512

      db91ed08e9780dc529e5174c869dc1b70c9784d49f9dc64b33cf23474b0ff7f09e958896875c169a0ff47b2ef9f7c0828503b0810fea600360f0d0adddaacb9f

    • SSDEEP

      98304:4YiM416F32BF8HTzTjXuqODWXRNFsGZHLdLBzp9:4YSU32BF8jjeVsRNFsGZHLJ

    Score
    8/10
    discoveryevasionexecutionpersistence

    • Stops running service(s)

      evasionexecution

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Modify Registry

2
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks