Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2d3728194b...18.exe

windows7-x64

10

2d3728194b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118

  • Size

    209KB

  • Sample

    241009-javqnaxhka

  • MD5

    2d3728194bb0fcdf013114f8c2d4b416

  • SHA1

    c4e1856ba775abee83dc859fd435a7e71fa38d9f

  • SHA256

    11d4ca0c5f76091f3423fb30ebd6adc6c9983609f46da62b0fe2056edd608cc0

  • SHA512

    4891963b25f3b15a6ebbc5f97f73d57a8a16faa327ddb19153073f5e796c92fe8fcc54b5c6c708c52baf170a75dfd8f42b267ef1ec2027f14aa8fb2a6ded463c

  • SSDEEP

    3072:iNu9h3eiLZT2UTOyU2qTq/yecrqyEIlyny4iio1t1oBM9/AC99kLNh11GJ+UEtE4:lh3eeTXFUnq/yesLEoynn7BMJSXtt34M

Score
10/10
bootkitdiscoveryevasionpersistence

Malware Config

Targets

    • Target

      2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118

    • Size

      209KB

    • MD5

      2d3728194bb0fcdf013114f8c2d4b416

    • SHA1

      c4e1856ba775abee83dc859fd435a7e71fa38d9f

    • SHA256

      11d4ca0c5f76091f3423fb30ebd6adc6c9983609f46da62b0fe2056edd608cc0

    • SHA512

      4891963b25f3b15a6ebbc5f97f73d57a8a16faa327ddb19153073f5e796c92fe8fcc54b5c6c708c52baf170a75dfd8f42b267ef1ec2027f14aa8fb2a6ded463c

    • SSDEEP

      3072:iNu9h3eiLZT2UTOyU2qTq/yecrqyEIlyny4iio1t1oBM9/AC99kLNh11GJ+UEtE4:lh3eeTXFUnq/yesLEoynn7BMJSXtt34M

    Score
    10/10
    bootkitdiscoveryevasionpersistence

    • Modifies security service

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks