Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: ee649b7acba8f8160465f0667c321927_JaffaCakes118
- Size: 212KB
- Sample: 240920-zjxvdaxdkj
- MD5: ee649b7acba8f8160465f0667c321927
- SHA1: fc4c882267bf6037212c8523d4dbc2e4276d3bf0
- SHA256: 9a080eaab2e59991ae8cc971b2f6f2d81760db83484b5a365b5c816d19d89931
- SHA512: 68c17cf13862c2f72b5a29885052efdf4e76ed92f95ca6550adc6ef2ad7ca1ec7ba3f98509055d4854285e4adb3c68bb7e0b07a258489cb8191d545a80ad81f3
- SSDEEP: 6144:2c9kfgNnCYP40Xf/9PJR8WjN4VRNuX/hYH:BWfgIanlJ2YGVG/qH
Static task: static1
Behavioral task: behavioral1
- Sample: ee649b7acba8f8160465f0667c321927_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: ee649b7acba8f8160465f0667c321927_JaffaCakes118 (212KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Modifies visibility of hidden/system files in Explorer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Hide Artifacts (1)
    - Hidden Files and Directories (1)
  - Modify Registry (2)