General
- Target: 12a8a8c0b4265d1aebe11a5611718db9_JaffaCakes118
- Size: 463KB
- Sample: 241004-ksmnfavdqk
- MD5: 12a8a8c0b4265d1aebe11a5611718db9
- SHA1: fad19cb273b1c6b5726924b8fb5949aa19b8309f
- SHA256: c73137fd1f2945fb1effcb951a865070700fc2c7f6b646ee7532394134e59e95
- SHA512: 6fab602d6342875ca7d26b2760792cbe59525ada8f0cdc463a2202f7301ed277b2f4266f0742fe1934786f6d050d9ade1c33a86947ce643b7077355471c8aa4a
- SSDEEP: 12288:NGz/+QqOwRKpf9EN1GVBS6UQySZZEs8wSvn:2+6RlKjHQySZh8wI
- Static task: static1
- Behavioral task: behavioral1
  - Sample: NODKeygen.exe
  - Resource: win7-20240903-en
- Behavioral task: behavioral2
  - Sample: NODKeygen.exe
  - Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: NODKeygen.exe
- Size: 603KB
- MD5: 6b27da644353449db17f11c719d41faa
- SHA1: cb77bf1827298e3c1d6f990b6bcac2dbaaaf26d3
- SHA256: 3984476ed5d3e9eb74667e766a1785800ffd78e0088608dd54950fa31460b2e0
- SHA512: 3fd7c521e9f615675f7e70c4e39d794b537a7a48c15e74dd73abb14c309da66a1802574d588f26b94b9cc5e3c5ea390977346162ebcb0709045ffeb1eb41387f
- SSDEEP: 12288:I47B6s5kmIpMvdznMoB+SbPDn1OHnrCxc9eDQbd4laK:7pesdMoB+GncgdsbiaK
Score: 7/10
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Print Processors (1)
    - Registry Run Keys / Startup Folder (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Print Processors (1)
    - Registry Run Keys / Startup Folder (1)