Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

e1bc4df908...18.exe

windows7-x64

8

e1bc4df908...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1bc4df908c392463861a686e5db019c_JaffaCakes118

  • Size

    4.9MB

  • Sample

    240915-fglvjswhmm

  • MD5

    e1bc4df908c392463861a686e5db019c

  • SHA1

    a351be6e655a6c85ce78e88f8572175359781a38

  • SHA256

    bdb3f4c8b20a6dee771612bd555a1e7aeaf824cb3befb7dd73c7d423789088e6

  • SHA512

    21a7895ee8d7a70ac70bc58d53808d3b51299ebca58bb8d6450c20362a869d9b521d31e1108469ddb38c06e7de890f056d1264c02ccf5c786440257de502d657

  • SSDEEP

    98304:+ytLuESrJkyTl9KMkEfj9gMWRW1xpF27ZOidJf9a52DLsz8RG3slJu+NEO0:+zrJR9/JgtWjpF2VtdJ852BceTNv0

Score
8/10
discoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      e1bc4df908c392463861a686e5db019c_JaffaCakes118

    • Size

      4.9MB

    • MD5

      e1bc4df908c392463861a686e5db019c

    • SHA1

      a351be6e655a6c85ce78e88f8572175359781a38

    • SHA256

      bdb3f4c8b20a6dee771612bd555a1e7aeaf824cb3befb7dd73c7d423789088e6

    • SHA512

      21a7895ee8d7a70ac70bc58d53808d3b51299ebca58bb8d6450c20362a869d9b521d31e1108469ddb38c06e7de890f056d1264c02ccf5c786440257de502d657

    • SSDEEP

      98304:+ytLuESrJkyTl9KMkEfj9gMWRW1xpF27ZOidJf9a52DLsz8RG3slJu+NEO0:+zrJR9/JgtWjpF2VtdJ852BceTNv0

    Score
    8/10
    discoveryevasionexecutionpersistence

    • Stops running service(s)

      evasionexecution

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

      persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Modify Registry

2
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks