General
-
Target
139e9a94234891656c1dbbebe1ee981b_JaffaCakes118
-
Size
68KB
-
Sample
241004-q7qxas1hna
-
MD5
139e9a94234891656c1dbbebe1ee981b
-
SHA1
efaf819f9293480b9083a3a7a39ef74c2f73e3be
-
SHA256
cf1a099fd2e533b225e49d55c45b9276517acd22dd41a56edeb9f2742d298e38
-
SHA512
929fa0267dc49bfee8764f5f30a000cbd2373e715c9be88bdf0a0c6c8bd33658464f226126cc9565af881b4134d84d8d407005a03949239addfc6e497abda2a5
-
SSDEEP
1536:k9gswK6mz5xayrETcKa/KGrJWrQpI4OJq3BMVNf+XZWjxg:kPwpmnhrfxSFQeRJq3yVNf+pWdg
Static task
static1
Behavioral task
behavioral1
Sample
139e9a94234891656c1dbbebe1ee981b_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
139e9a94234891656c1dbbebe1ee981b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
139e9a94234891656c1dbbebe1ee981b_JaffaCakes118
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Boot or Logon Autostart Execution: Authentication Package
Suspicious Windows Authentication Registry Modification.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Authentication Package (1)
Registry Run Keys / Startup Folder (1)
Browser Extensions (1)
Event Triggered Execution (1)
AppInit DLLs (1)