Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

fe4baf0161...18.exe

windows7-x64

8

fe4baf0161...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fe4baf0161dd5b7408dd2d41e64843fe_JaffaCakes118

  • Size

    36KB

  • Sample

    240929-l3t1yayhmp

  • MD5

    fe4baf0161dd5b7408dd2d41e64843fe

  • SHA1

    75db56ae6754bbc97845ba470e80bc779685cde1

  • SHA256

    638b91a6a31f885370ec2bf325e66683050cc675ebbfab6e7b726e18e3a4070b

  • SHA512

    f9f2f510545418ff38b33cfb517fc276da81415abfa38015af074037106dea722ad7a39a59301e25fd6d5ee19bfd32aecfe0bc89631b3dcf4d45c02da07f7644

  • SSDEEP

    384:/TlCPkepDT6x0121Uc4rcGgiB7bwCrp/Ovw5ITvmPWvvDWSyWN:/B+kepkmrcDIbwCrRITvmPWTRZ

Score
8/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      fe4baf0161dd5b7408dd2d41e64843fe_JaffaCakes118

    • Size

      36KB

    • MD5

      fe4baf0161dd5b7408dd2d41e64843fe

    • SHA1

      75db56ae6754bbc97845ba470e80bc779685cde1

    • SHA256

      638b91a6a31f885370ec2bf325e66683050cc675ebbfab6e7b726e18e3a4070b

    • SHA512

      f9f2f510545418ff38b33cfb517fc276da81415abfa38015af074037106dea722ad7a39a59301e25fd6d5ee19bfd32aecfe0bc89631b3dcf4d45c02da07f7644

    • SSDEEP

      384:/TlCPkepDT6x0121Uc4rcGgiB7bwCrp/Ovw5ITvmPWvvDWSyWN:/B+kepkmrcDIbwCrRITvmPWTRZ

    Score
    8/10
    discoverypersistencespywarestealer

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks