General
-
Target
eefde0896c38953d97338c9be9c989c5_JaffaCakes118
-
Size
1.4MB
-
Sample
240921-d3936atakb
-
MD5
eefde0896c38953d97338c9be9c989c5
-
SHA1
8f60fb6bb8d8f591d35f646fe8034bb1f25cc5c3
-
SHA256
c66d52bcf29db1ff263f01381f2da1fdb0e582b69227a0f43de6ec251aac47b6
-
SHA512
ebed225526cdebbe8a67077090bbf50c97016743d8c992e5797644776423d1fe84464686d2a9a5ea5e570a07eda712fca92e480f38b650a3db1f94225a7ac06b
-
SSDEEP
24576:4d33RjEptwxaf4mqVlb2mn91c91PzdOUfoZgTVuxk1G9Pyed5iTKXUg5N:G33RjEptwxaf4mW91c91Pfo2TV0k1GZB
Static task
static1
Behavioral task
behavioral1
Sample
eefde0896c38953d97338c9be9c989c5_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
eefde0896c38953d97338c9be9c989c5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
eefde0896c38953d97338c9be9c989c5_JaffaCakes118
-
Score
7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Pre-OS Boot (1)
Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)