Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
05e1a2d1c8f499961d117b0151aa9b57_JaffaCakes118
-
Size
154KB
-
Sample
241001-p3bfdathlc
-
MD5
05e1a2d1c8f499961d117b0151aa9b57
-
SHA1
efba452f343aef7d9f14e7643c63c5318845a66b
-
SHA256
f50de6cc6268c75f0273dc806eeca20389dc6ebfc0de5e821e408f27d2620f40
-
SHA512
94ff0a69c57a77a358bf06d98e824852946dba18715e5125b156860bc7c947206560b2ace60cbefcc79cb74d3411a5c49808902fe89efa932c12f392bcd0c4eb
-
SSDEEP
3072:WHUkV92apgkgawkuF9I1doR9AQf1b7BnXoRnGZej2KHRH+lVMYqdl8Sx:Wt72MVganII1doHv1FXoYZ/SHUwdN
Static task
static1
Behavioral task
behavioral1
Sample
05e1a2d1c8f499961d117b0151aa9b57_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
05e1a2d1c8f499961d117b0151aa9b57_JaffaCakes118
-
Size
154KB
-
MD5
05e1a2d1c8f499961d117b0151aa9b57
-
SHA1
efba452f343aef7d9f14e7643c63c5318845a66b
-
SHA256
f50de6cc6268c75f0273dc806eeca20389dc6ebfc0de5e821e408f27d2620f40
-
SHA512
94ff0a69c57a77a358bf06d98e824852946dba18715e5125b156860bc7c947206560b2ace60cbefcc79cb74d3411a5c49808902fe89efa932c12f392bcd0c4eb
-
SSDEEP
3072:WHUkV92apgkgawkuF9I1doR9AQf1b7BnXoRnGZej2KHRH+lVMYqdl8Sx:Wt72MVganII1doHv1FXoYZ/SHUwdN
Score8/10-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1