General
Target: eb39a3cd1b1ba521c1afc88cc8adcbaa_JaffaCakes118
Size: 134KB
Sample: 240919-nf1lbavhqe
MD5: eb39a3cd1b1ba521c1afc88cc8adcbaa
SHA1: 6958de247ff038d51b1f41d282e9c015fd4f967b
SHA256: f0603f5a1cc16b517fc3658ebe988a7e73aed572906c8597b8115f7161aadb84
SHA512: 0e774f81e2052766659bb99bec4520dcff477ffeadae054aacfd0e517e4bf26716555537d95590df8411112b038deec404a7bfa62324a1c6273943a34dc6853e
SSDEEP: 3072:pVz8NPIGuuPwg74pLBD47NFPfK6xjcWf6eBHTBfb82H9:pF83b74px47z96AHTBj82d
Static task: static1
Behavioral task: behavioral1
Sample: eb39a3cd1b1ba521c1afc88cc8adcbaa_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: eb39a3cd1b1ba521c1afc88cc8adcbaa_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: eb39a3cd1b1ba521c1afc88cc8adcbaa_JaffaCakes118
Score: 8/10
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)