General
Target: e4b41c63ce86fd1df6e2d88d2d27c055_JaffaCakes118
Size: 80KB
Sample: 240916-nw71bswbja
MD5: e4b41c63ce86fd1df6e2d88d2d27c055
SHA1: f68aec6f694b98590102d2d6ebf57d5177d9bf1d
SHA256: 14ba3ecb0c36a04be8f49edc9bec0bdc7d07056decebdf0298fd99534fcc91eb
SHA512: 8b49295b3fad77ea101986b5037ffed47a5b9586611cf5ffe4d1ec6f319ae5d8596600f8b9bd6fb6a31deb67177c30fb581f69e28b2551f524492dcf84ae215c
SSDEEP: 1536:Hwhboay8bMecqi8Ejt3UB+Md7z3HALE5h7eUJAToTtNWKnbXtXI4ZG:Hwhzy8fhi8w2dHALE5hSlMzbX9NG
Static task
static1
Behavioral task
behavioral1: sample e4b41c63ce86fd1df6e2d88d2d27c055_JaffaCakes118.exe, resource win7-20240708-en
Behavioral task
behavioral2: sample e4b41c63ce86fd1df6e2d88d2d27c055_JaffaCakes118.exe, resource win10v2004-20240802-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
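The extracted config identifies the payload's encoder as Metasploit's x86 call4_dword_xor. The following is an added example (not code from Triage or from the Metasploit project) that shows how such a config extraction works: it scans a buffer for the fixed bytes of the 24-byte decoder stub, reads the per-sample block count and 4-byte XOR key out of it, and XORs the encoded blocks back to the original payload. It assumes the stub layout from Metasploit's modules/encoders/x86/call4_dword_xor.rb (a single fixed dword key applied to every block; the encoded data begins 14 bytes past the address the call pushes, i.e. at stub offset 24); the sample payload, key, leading bytes and NOP padding are constructed here for the demonstration and are not taken from this sample.

```python
"""Recognise and decode the Metasploit x86/call4_dword_xor decoder stub.

Added example for this report; not code from Triage or Metasploit. The stub
layout follows Metasploit's modules/encoders/x86/call4_dword_xor.rb: a fixed
24-byte stub, then the XOR-encoded payload, one 4-byte key for all blocks.
"""
import struct

COUNT_OFF, KEY_OFF, PAYLOAD_OFF = 4, 15, 24   # per-sample fields; where encoded data starts
STUB_TEMPLATE = bytes.fromhex(
    "29c9"               # sub ecx, ecx
    "83e9 00"            # sub ecx, -(block_count)      ; byte 4 is the count
    "e8ffffffff"         # call $+4 (returns onto its own last 0xff byte)
    "c0"                 # ...so "ff c0" executes as inc eax
    "5e"                 # pop esi  ; esi = address of the 0xc0 byte (stub+10)
    "81760e 00000000"    # xor dword [esi+0x0e], key    ; bytes 15..18 are the key
    "83eefc"             # sub esi, -4
    "e2f4"               # loop -12 ; back to the xor, ecx times
)
VARIABLE = {COUNT_OFF, *range(KEY_OFF, KEY_OFF + 4)}   # wildcard bytes when matching


def matches_stub(buf: bytes, off: int) -> bool:
    """True if the fixed stub bytes appear at `off` (variable bytes are wildcards)."""
    if off + PAYLOAD_OFF > len(buf):
        return False
    return all(buf[off + i] == STUB_TEMPLATE[i] for i in range(PAYLOAD_OFF) if i not in VARIABLE)


def find_stub(buf: bytes):
    """Offset of the first stub occurrence in `buf`, or None."""
    return next((o for o in range(len(buf) - PAYLOAD_OFF + 1) if matches_stub(buf, o)), None)


def decode(buf: bytes, off: int) -> dict:
    """Recover key, block count and the decoded payload from a stub at `off`."""
    # "sub ecx, imm8" is emitted with imm8 = -count, so negate the byte to get the count.
    count = (-buf[off + COUNT_OFF]) & 0xFF
    key = struct.unpack_from("<I", buf, off + KEY_OFF)[0]
    start = off + PAYLOAD_OFF
    blob = buf[start:start + 4 * count]
    if len(blob) != 4 * count:
        raise ValueError("encoded payload is truncated")
    payload = b"".join(struct.pack("<I", d ^ key) for (d,) in struct.iter_unpack("<I", blob))
    return {"offset": off, "block_count": count, "key": key, "payload": payload}


def extract_config(buf: bytes):
    """Mimic the report's 'Extracted: metasploit / encoder/call4_dword_xor' step."""
    off = find_stub(buf)
    return None if off is None else decode(buf, off)


def encode(payload: bytes, key: int) -> bytes:
    """Build stub + encoded payload in the encoder's layout (test helper).

    Assumption: the payload is NOP-padded to a dword boundary; real msfvenom
    output may pad differently. Counts above 127 would not sign-extend to the
    intended value in the imm8, so they are rejected.
    """
    padded = payload + b"\x90" * (-len(payload) % 4)
    count = len(padded) // 4
    if not 1 <= count <= 127:
        raise ValueError("block count must be 1..127 for an imm8 sub")
    stub = bytearray(STUB_TEMPLATE)
    stub[COUNT_OFF] = (-count) & 0xFF
    stub[KEY_OFF:KEY_OFF + 4] = struct.pack("<I", key)
    body = b"".join(struct.pack("<I", d ^ key) for (d,) in struct.iter_unpack("<I", padded))
    return bytes(stub) + body


# Constructed sample: 26 bytes of stand-in shellcode behind some leading bytes.
SAMPLE_PAYLOAD = bytes(range(0x40, 0x5A))
SAMPLE_KEY = 0x41424344
SAMPLE_FILE = b"MZ" + b"\x00" * 30 + encode(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\xcc" * 8

if __name__ == "__main__":
    cfg = extract_config(SAMPLE_FILE)
    print(f"stub at {cfg['offset']}, key 0x{cfg['key']:08x}, {cfg['block_count']} blocks")
    print(cfg["payload"].hex())
```

Matching on the stub's fixed bytes rather than on the key is what lets one rule cover every sample produced by this encoder; the key and block count are the only bytes that change between msfvenom runs. The same wildcard positions are what a YARA rule for this encoder would mark with `??`.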
Targets
Target: e4b41c63ce86fd1df6e2d88d2d27c055_JaffaCakes118 (80KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext