Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ef7e3f05d3...18.exe

windows7-x64

10

ef7e3f05d3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef7e3f05d33a5b9befd1e0615fad4489_JaffaCakes118

  • Size

    712KB

  • Sample

    240921-lb2lpsvern

  • MD5

    ef7e3f05d33a5b9befd1e0615fad4489

  • SHA1

    310563f052e4ce5f92e8b655cf04444a8c056506

  • SHA256

    08796b1df82dd1cad1cb9470562c6fe97a5b682d8f79bda6bf3645cb168e57b3

  • SHA512

    00f1b96fe40bd20894080cc2720d8178f59a12031830209f94c3a31fd6f78f9e6e6aa1725dc59d47d46d3962cbc1eebb9a9905c1e1e23def27888a4325f2d956

  • SSDEEP

    12288:Ggji3IoVKpBtmz1P+fNNZHCRInBZqpzUF4AnjZnMei/SFfdYTQu2zwwGaJ:XyIo0tmZPwzFqtURjZnli5k3zwcJ

Score
10/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      ef7e3f05d33a5b9befd1e0615fad4489_JaffaCakes118

    • Size

      712KB

    • MD5

      ef7e3f05d33a5b9befd1e0615fad4489

    • SHA1

      310563f052e4ce5f92e8b655cf04444a8c056506

    • SHA256

      08796b1df82dd1cad1cb9470562c6fe97a5b682d8f79bda6bf3645cb168e57b3

    • SHA512

      00f1b96fe40bd20894080cc2720d8178f59a12031830209f94c3a31fd6f78f9e6e6aa1725dc59d47d46d3962cbc1eebb9a9905c1e1e23def27888a4325f2d956

    • SSDEEP

      12288:Ggji3IoVKpBtmz1P+fNNZHCRInBZqpzUF4AnjZnMei/SFfdYTQu2zwwGaJ:XyIo0tmZPwzFqtURjZnli5k3zwcJ

    Score
    10/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies WinLogon for persistence

      persistence

    • Modifies Windows Firewall

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks