Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
074c415b7ff6216759269472e63ef44d_JaffaCakes118
-
Size
73KB
-
Sample
241001-y7w3baygnn
-
MD5
074c415b7ff6216759269472e63ef44d
-
SHA1
238dfa827dcaa7ac3f48d30909abd20ecfedbb8e
-
SHA256
e776bac009401a8690377b7b49ba6ff61aea4eea48e1d3f208284556292fefc3
-
SHA512
8b93a53a7620a069ac046484f6c3ace792a8e83b6425d90de4b582f03d2dae3d2e531754708d4d7b9e2b5189b070f734cba9f43f084d11fd6615d5c9cb4ff81b
-
SSDEEP
1536:81z9+RskvxHkV3dDivpPpfl/WZD8bWdjyv4NXuuSY5T3:y9+Rsk54tclll/RbWtyv49V3
Malware Config
Targets
-
-
Target
074c415b7ff6216759269472e63ef44d_JaffaCakes118
-
Size
73KB
-
MD5
074c415b7ff6216759269472e63ef44d
-
SHA1
238dfa827dcaa7ac3f48d30909abd20ecfedbb8e
-
SHA256
e776bac009401a8690377b7b49ba6ff61aea4eea48e1d3f208284556292fefc3
-
SHA512
8b93a53a7620a069ac046484f6c3ace792a8e83b6425d90de4b582f03d2dae3d2e531754708d4d7b9e2b5189b070f734cba9f43f084d11fd6615d5c9cb4ff81b
-
SSDEEP
1536:81z9+RskvxHkV3dDivpPpfl/WZD8bWdjyv4NXuuSY5T3:y9+Rsk54tclll/RbWtyv49V3
Score8/10-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1