Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: f6f8ebb4df7bc3d77b3d53677c4d48cb_JaffaCakes118
Size: 180KB
Sample: 240925-2ar9msthlb
MD5: f6f8ebb4df7bc3d77b3d53677c4d48cb
SHA1: f3e342c6be5ac445a1e46c27711061f77a787e02
SHA256: c526cb59f58c54a03823cd99af2579319560fa4244e2818c5f2ea5ec330aeead
SHA512: 7902b542fa99eb0ac18bdb55b6243616b283f126248b4610b08d44ae44925b5e40bd857ec06fdab311caa3df402bc76d49eb66fd71340ab0dd922450b070c87d
SSDEEP: 3072:BDbWOntusSGID19zQoMeyYX5KHn7g6VfJn5f6KdhWaA8:B2OIsSbxSnm2tRJnP
Static task: static1
Behavioral task: behavioral1
Sample: f6f8ebb4df7bc3d77b3d53677c4d48cb_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: f6f8ebb4df7bc3d77b3d53677c4d48cb_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Drops startup file
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system (Looks up Uninstall key entries in the registry to enumerate software on the system.)
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (2)
  - Disable or Modify Tools (1)
  - Safe Mode Boot (1)
- Modify Registry (4)