General
- Target: f5b25ec260db4901e88d2793b5e34998_JaffaCakes118
- Size: 2.5MB
- Sample: 240925-lcwf3s1akh
- MD5: f5b25ec260db4901e88d2793b5e34998
- SHA1: 05e5794bffc36694bb39750652fd84dc7e3146e6
- SHA256: 6edffe88fcc7936cd27cb9016ca25739aabd148e40cb44eeff8c53975f3144af
- SHA512: 5b6331493a142bbeb2c477a007c7275be20fbdc9af3413a508e84ceb8c2c4a6e34be30ce6dfddf2dbfd6cfd187e4a67823c687923f7d36a500c5f56baba04bec
- SSDEEP: 49152:8nEdi2AHYTFxTal3sQ7VoqvZgpIgpilI3gXWs0SoyN+Y+RC5Hwen/aGLYAzpkbyh:z44pxTal3sQ5raXS1c2Fv/ZLYAzpXh
Static task
- static1
Behavioral task
- behavioral1
  - Sample: f5b25ec260db4901e88d2793b5e34998_JaffaCakes118.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: f5b25ec260db4901e88d2793b5e34998_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
- Extracted: http://soft-store-inc.com/soft-usage/favicon.ico?0=1200&1=KHBTHJFA&2=i-s&3=176&4=7601&5=6&6=1&7=99600&8=1033
- Extracted: http://soft-store-inc.com/soft-usage/favicon.ico?0=1200&1=UXMRPRRI&2=i-s&3=176&4=9200&5=6&6=2&7=919041&8=1033
Targets
- Target: f5b25ec260db4901e88d2793b5e34998_JaffaCakes118
- Size: 2.5MB
- MD5: f5b25ec260db4901e88d2793b5e34998
- SHA1: 05e5794bffc36694bb39750652fd84dc7e3146e6
- SHA256: 6edffe88fcc7936cd27cb9016ca25739aabd148e40cb44eeff8c53975f3144af
- SHA512: 5b6331493a142bbeb2c477a007c7275be20fbdc9af3413a508e84ceb8c2c4a6e34be30ce6dfddf2dbfd6cfd187e4a67823c687923f7d36a500c5f56baba04bec
- SSDEEP: 49152:8nEdi2AHYTFxTal3sQ7VoqvZgpIgpilI3gXWs0SoyN+Y+RC5Hwen/aGLYAzpkbyh:z44pxTal3sQ5raXS1c2Fv/ZLYAzpXh

Signatures
- Modifies WinLogon for persistence
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion: adversaries may delete files left behind by the actions of their intrusion activity.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Image File Execution Options Injection (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Image File Execution Options Injection (1)
Defense Evasion
- Impair Defenses (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (2)