General

  • Target

    2d9e2dafe65b5503fbce184872aa87fb_JaffaCakes118

  • Size

    21KB

  • Sample

    241009-jy1a2swhjn

  • MD5

    2d9e2dafe65b5503fbce184872aa87fb

  • SHA1

    6f5cf4c80cc86bff3f78ef7de9b8809a5d72d0d9

  • SHA256

    0a0dd626cf0198bf3c0ab3e02a69c457d03c11694a45d0867bdff7db7804c0e2

  • SHA512

    74326c44bf36288b3eda201ac2f0317202df4e5f61a62abcb37cba5633a9703ad00a580a8e33a52e449021142f4c26be34aa019a09221ceb667f208834c99f73

  • SSDEEP

    384:oBQdvnWVAWMc+WZmV0KBKHEdrZgo6cnxJ7RE2mu1DU6EpE:NWVAW3A0u4kH6aJ7O7u1Y6Ep

Score
10/10

Targets

    • Target

      2d9e2dafe65b5503fbce184872aa87fb_JaffaCakes118

    Score
    10/10
    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
