General
Target: fbc7518bbfc4711c6ae1972891dbe7c6_JaffaCakes118
Size: 295KB
Sample: 240928-h5ga3swang
MD5: fbc7518bbfc4711c6ae1972891dbe7c6
SHA1: ba97f5844951faa501eca586b7e5bf62b1a87667
SHA256: cd57d3a1736fa1a9a7fc25c8d3911a076d5ce1b65876cb65695d0a00bcec4452
SHA512: 971204ff507a2fd479a767536db0fa6ca28a5805c6e632c4c020dd59b351c6457a0b76c5104304d38369bffcc0bc1a49e5fc88b87c5aaebd76de8285ac5d7985
SSDEEP: 3072:uOXpHv1O0dCoutpmN32wePesy9B10l4LGIkTMjr7bY3SK9ydtL7qm8GmNCcEmAYs:XpvCoSwLLlqM/Y876m8aqWVZuo
Behavioral task
behavioral1
Sample
fbc7518bbfc4711c6ae1972891dbe7c6_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Targets
Target: fbc7518bbfc4711c6ae1972891dbe7c6_JaffaCakes118
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (3)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)