General

Target: efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118
Size: 3.8MB
Sample: 240921-nxv26azhnh
MD5: efb9891ddb30cb3dea7dfbe51c295a15
SHA1: 987be11a59a129cc0d4e71fcfddeb3adf596e262
SHA256: c8c1be11b7eadaef5fd7d78d2d6c4d9944f6f59b783b4f4b7c7f3eac8e68143d
SHA512: cfb93d327b9914e831bce6932f09be7d809c25418e401f39182515082291d16fc4883fcdb93b7bb2fed3bc753de00e61371aaf4d00e0a6c68fbc4c0e37424487
SSDEEP: 98304:+znOEj82saUwGJX87Q2iLcJ6Jg4G+SAdR:+n9slwGJXqvJ6JgdU
Behavioral task: behavioral1
Sample: efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118
Size: 3.8MB
MD5: efb9891ddb30cb3dea7dfbe51c295a15
SHA1: 987be11a59a129cc0d4e71fcfddeb3adf596e262
SHA256: c8c1be11b7eadaef5fd7d78d2d6c4d9944f6f59b783b4f4b7c7f3eac8e68143d
SHA512: cfb93d327b9914e831bce6932f09be7d809c25418e401f39182515082291d16fc4883fcdb93b7bb2fed3bc753de00e61371aaf4d00e0a6c68fbc4c0e37424487
SSDEEP: 98304:+znOEj82saUwGJX87Q2iLcJ6Jg4G+SAdR:+n9slwGJXqvJ6JgdU
Score: 10/10

Signatures:
- Adds Run key to start application
- AutoIT Executable (AutoIT scripts compiled to PE executables)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
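The signatures above are Triage's own behavioral classifications of the sandbox runs. As an added example, not part of the report and not Triage's detection code, the following Python shows how two of those behaviors (the Run key write and the System32 file drop) can be reproduced as detection logic over Sysmon-style events, plus a static check for the compiled-AutoIt container marker "AU3!EA06" that compiled AutoIt v3 executables carry. The events, file paths and registry value names in SAMPLE_EVENTS are constructed for illustration and are not observations from this sample; the SetThreadContext signature is an API-hook observation that does not appear in registry or file events and is deliberately out of scope here.

```python
import re

# Constructed Sysmon-style events used as sample input (not taken from the report).
# Sysmon Event ID 13 = registry value set, Event ID 11 = file create.
SAMPLE_EVENTS = [
    {"id": 13, "image": r"C:\Users\user\Desktop\sample.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "details": r"C:\Users\user\AppData\Roaming\Microsoft\update.exe"},
    {"id": 11, "image": r"C:\Users\user\Desktop\sample.exe",
     "target": r"C:\Windows\System32\Tasks\Update"},
    {"id": 11, "image": r"C:\Users\user\Desktop\sample.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\aut1A2B.tmp"},
    # Benign registry write by explorer.exe: must not be flagged as Run-key persistence.
    {"id": 13, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]

# A value set directly under ...\CurrentVersion\Run or RunOnce (any hive).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
                        re.IGNORECASE)
# A file created anywhere below <drive>:\Windows\System32\.
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
# Marker embedded in executables produced by the AutoIt v3 compiler.
AUTOIT_MARKER = b"AU3!EA06"


def classify_event(ev):
    """Return the report-style signature names that a single event matches."""
    hits = []
    if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
        hits.append("Adds Run key to start application")      # ATT&CK T1547.001
    if ev["id"] == 11 and SYSTEM32_RE.match(ev["target"]):
        hits.append("Drops file in System32 directory")
    return hits


def triage(events):
    """Map each fired signature to the (image, target) pairs that triggered it."""
    findings = {}
    for ev in events:
        for sig in classify_event(ev):
            findings.setdefault(sig, []).append((ev["image"], ev["target"]))
    return findings


def is_autoit_compiled(data: bytes) -> bool:
    """True if the bytes look like a PE (MZ header) carrying the AutoIt v3 marker."""
    return data.startswith(b"MZ") and AUTOIT_MARKER in data


if __name__ == "__main__":
    for sig, hits in triage(SAMPLE_EVENTS).items():
        print(sig)
        for image, target in hits:
            print(f"  {image} -> {target}")
    # Constructed stand-in for a compiled AutoIt binary; a real check reads the file.
    fake_pe = b"MZ" + b"\x00" * 64 + AUTOIT_MARKER + b"\x00" * 8
    print("AutoIt compiled:", is_autoit_compiled(fake_pe))
```

In practice the registry check pairs with the "Modify Registry" count in the ATT&CK section: any Event ID 13 write is T1112, and only the subset under Run/RunOnce is promoted to T1547.001. The AutoIt marker check is a static triage aid for sorting samples, not proof of malicious behavior, since legitimate AutoIt tools carry the same marker.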
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)

Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (1)
  - Disable or Modify Tools, T1562.001 (1)
- Modify Registry, T1112 (3)