Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
18360cfeca1cb39ec7a122b8fde27894_JaffaCakes118
-
Size
112KB
-
Sample
241006-qb69eavgml
-
MD5
18360cfeca1cb39ec7a122b8fde27894
-
SHA1
1b7ef6d5eed70bdf22196cb393906e88a06cdd0e
-
SHA256
e939e763ebbe85380b46800f85060bb2c78b2fbeadbe9f6716be1323e2a71b5c
-
SHA512
29f33d40c0e303f194ea3b4764fb0faac6b62ca3225b71dd845d2ce85334c92e460548900265ee4fbf1c6b809956c87f5598ab559a69edbbfafa4f9ed8a40b73
-
SSDEEP
3072:DVi+GaaeMfzwqkOD/bRKBl5+02g3/BCi3:Zi+GaaeMfEqke/bo3z3
Malware Config
Targets
-
-
Target
18360cfeca1cb39ec7a122b8fde27894_JaffaCakes118
-
Size
112KB
-
MD5
18360cfeca1cb39ec7a122b8fde27894
-
SHA1
1b7ef6d5eed70bdf22196cb393906e88a06cdd0e
-
SHA256
e939e763ebbe85380b46800f85060bb2c78b2fbeadbe9f6716be1323e2a71b5c
-
SHA512
29f33d40c0e303f194ea3b4764fb0faac6b62ca3225b71dd845d2ce85334c92e460548900265ee4fbf1c6b809956c87f5598ab559a69edbbfafa4f9ed8a40b73
-
SSDEEP
3072:DVi+GaaeMfzwqkOD/bRKBl5+02g3/BCi3:Zi+GaaeMfEqke/bo3z3
Score8/10-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1