Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
eba29d7c748c07c33334aeb39f1bfe0e_JaffaCakes118
-
Size
1.9MB
-
Sample
240919-symjmawfpn
-
MD5
eba29d7c748c07c33334aeb39f1bfe0e
-
SHA1
c1dea7399bbc1ce4269bcd95cfe74d096b342392
-
SHA256
10bc207a49c42553abfdaf6bad13228ed662c38de58a8132c3c7155f7319163b
-
SHA512
d43c44575afa3d60f836df6d2a2271c06ace31ebf2a38f81572b8948b021c9c11ab3dd4efa377c3801410f52a77c016fc4a34f83e0c1550d75e548984a54d0d9
-
SSDEEP
12288:4vO2jCbhwdKLPYs0E55JJ5PsLk1rmiUpXwN0PxNBxliM5MPSx/B6zc:emYsL55heZd5PiMsSx/B6zc
Static task
static1
Behavioral task
behavioral1
Sample
eba29d7c748c07c33334aeb39f1bfe0e_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eba29d7c748c07c33334aeb39f1bfe0e_JaffaCakes118.exe
Resource
win10v2004-20240910-en
Malware Config
Targets
-
-
Target
eba29d7c748c07c33334aeb39f1bfe0e_JaffaCakes118
-
Size
1.9MB
-
MD5
eba29d7c748c07c33334aeb39f1bfe0e
-
SHA1
c1dea7399bbc1ce4269bcd95cfe74d096b342392
-
SHA256
10bc207a49c42553abfdaf6bad13228ed662c38de58a8132c3c7155f7319163b
-
SHA512
d43c44575afa3d60f836df6d2a2271c06ace31ebf2a38f81572b8948b021c9c11ab3dd4efa377c3801410f52a77c016fc4a34f83e0c1550d75e548984a54d0d9
-
SSDEEP
12288:4vO2jCbhwdKLPYs0E55JJ5PsLk1rmiUpXwN0PxNBxliM5MPSx/B6zc:emYsL55heZd5PiMsSx/B6zc
Score10/10-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Privilege Escalation
Boot or Logon Autostart Execution
4Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2