General
Target: 10d700856bd588b648157041acce8038_JaffaCakes118
Size: 747KB
Sample: 241003-22a5fa1glj
MD5: 10d700856bd588b648157041acce8038
SHA1: 7d1504a02c203e52d7125026a50948cb2caa9549
SHA256: d3cda4032aea5109741bb2c6472ae849b53105cfe3227782833b7424cb348416
SHA512: b14a839e5c491a39994f405163dae6716723735b28c02c0d6694955bad4a4019429d95b804fdb006157733547b83977a24a73db90551a5763d7253131098569d
SSDEEP: 12288:ck0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+H:90QRWoJEfg0oChGdJQbjPbNW5tYeP+GK
Behavioral task: behavioral1
Sample: 10d700856bd588b648157041acce8038_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
darkcomet
Hacked
mrhacking.no-ip.info:1604
DC_MUTEX-F54S21D
gencode: 0J8mwKswKmMK
install: false
offline_keylogger: true
persistence: false
Targets
Target: 10d700856bd588b648157041acce8038_JaffaCakes118
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)