General
- Target: 3805ed8a271ce1e3eb9c80ce61945ede_JaffaCakes118
- Size: 3.9MB
- Sample: 241012-cy1s9axgje
- MD5: 3805ed8a271ce1e3eb9c80ce61945ede
- SHA1: 80e33752670474d84478a62d0dd50e8f5d051ffc
- SHA256: 32f5183395c20856fa10399da6d5dde99135507b4125a7b2c0b957e9de37d8c1
- SHA512: 20a9e9f49369c97e195948b214955971e8f42356892f465e0edd72aaa778af6e9ba93a1ef53516321cba64fb0d7536d2d646a0abbe944e12106ebf585cfcabe3
- SSDEEP: 98304:waE9LOk6Nx4J8PG2cNS2fnzvWUvJYvtlyGviSJNIvB6j:ueH4J8Pi4onLWHLygHHj
Static task: static1
Behavioral task: behavioral1
- Sample: 3805ed8a271ce1e3eb9c80ce61945ede_JaffaCakes118.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: 3805ed8a271ce1e3eb9c80ce61945ede_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 3805ed8a271ce1e3eb9c80ce61945ede_JaffaCakes118 (size and hashes as listed under General)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
    Browser Extensions (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)