Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
451d8073e69e4ca14cba626553f24755_JaffaCakes118
-
Size
2.8MB
-
Sample
241015-bn3peswemf
-
MD5
451d8073e69e4ca14cba626553f24755
-
SHA1
2bd06aa070546ed780fda61f77875b7eff07ca6c
-
SHA256
655ec66ff682343e7688645d75ad2b5b1fb66057643a2ef851434db8e13ad5b1
-
SHA512
f1c1033acfc96f501ef7343ea6d0f4ba8fa694c2ce8ee671c83fc32da37794811209bcdd185440ea00ee7546e275a46083d7e1eabd1b6197dba64a4a9d917189
-
SSDEEP
24576:uMfmMfmMfmMfmMfmMfmMfmMfmMfmMfmMfmMfmMff:uffffffffffffa
Malware Config
Targets
-
-
Target
451d8073e69e4ca14cba626553f24755_JaffaCakes118
-
Size
2.8MB
-
MD5
451d8073e69e4ca14cba626553f24755
-
SHA1
2bd06aa070546ed780fda61f77875b7eff07ca6c
-
SHA256
655ec66ff682343e7688645d75ad2b5b1fb66057643a2ef851434db8e13ad5b1
-
SHA512
f1c1033acfc96f501ef7343ea6d0f4ba8fa694c2ce8ee671c83fc32da37794811209bcdd185440ea00ee7546e275a46083d7e1eabd1b6197dba64a4a9d917189
-
SSDEEP
24576:uMfmMfmMfmMfmMfmMfmMfmMfmMfmMfmMfmMfmMff:uffffffffffffa
Score10/10-
UAC bypass
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
3