General
-
Target
039e3bbbdc4b89f74154a95535c37a34_JaffaCakes118
-
Size
96KB
-
Sample
240930-3hgcsavake
-
MD5
039e3bbbdc4b89f74154a95535c37a34
-
SHA1
55932bfb068803b176e25c1967f0e13c26d7caee
-
SHA256
8c6a9cf0261f8ab2478cdb28448a1c41511e491604b09cb303253eab79cae923
-
SHA512
6896585915e98be47d0f539c216a338ac76d4220d2e0419504134268cbeadfeb58fffae6982bd42ac2aa7c19fcea6903a567ac74ad5f96429367334c11a90201
-
SSDEEP
1536:n6QBHjf6cO/hxkGulSc16l6u+NMMl/KlYv1Tq5ThF/NIjnZKh:14hWlu8CFF/Cn0h
Static task
static1
Behavioral task
behavioral1
Sample
039e3bbbdc4b89f74154a95535c37a34_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
039e3bbbdc4b89f74154a95535c37a34_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
039e3bbbdc4b89f74154a95535c37a34_JaffaCakes118
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2