Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
126978bf2654bd4cd5320de025e34ee7_JaffaCakes118
-
Size
968KB
-
Sample
241004-jdjgsswbjb
-
MD5
126978bf2654bd4cd5320de025e34ee7
-
SHA1
89f3ae11375e23502eff74ebcdba13152186cc04
-
SHA256
d396afe03cd67614bec52a820072d6b46a6eb1e437d85fc3ebc90f7c8f1fa4e9
-
SHA512
de5d80eff72875d47a9a5c785ebe2eb555156c845c4d31ad07d7048fc10d664d466ada3f01bf87838e258d1b365b2f7c3d7a2064a1f82e123fc60bedc0db684d
-
SSDEEP
24576:eaHMv6CorjqnyC8HFsj9dHHlUKh5Wgbuss5:e1vqjdC8HFczHFUmxbuss5
Static task
static1
Behavioral task
behavioral1
Sample
126978bf2654bd4cd5320de025e34ee7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
126978bf2654bd4cd5320de025e34ee7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
126978bf2654bd4cd5320de025e34ee7_JaffaCakes118
-
Size
968KB
-
MD5
126978bf2654bd4cd5320de025e34ee7
-
SHA1
89f3ae11375e23502eff74ebcdba13152186cc04
-
SHA256
d396afe03cd67614bec52a820072d6b46a6eb1e437d85fc3ebc90f7c8f1fa4e9
-
SHA512
de5d80eff72875d47a9a5c785ebe2eb555156c845c4d31ad07d7048fc10d664d466ada3f01bf87838e258d1b365b2f7c3d7a2064a1f82e123fc60bedc0db684d
-
SSDEEP
24576:eaHMv6CorjqnyC8HFsj9dHHlUKh5Wgbuss5:e1vqjdC8HFczHFUmxbuss5
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3