General
Target: 465e45c4e49f5b650be5bfde6930f573_JaffaCakes118
Size: 402KB
Sample: 241015-hqfe8s1blc
MD5: 465e45c4e49f5b650be5bfde6930f573
SHA1: 713fac5ef5f32ec046c5896d25d7db2707286728
SHA256: 2b00e17c80c19a6486359f07bfbb53cee1ee9eb17a6c6474ed35787cb173f304
SHA512: 9285c3ecb7cc61f52229a05274e96ac48ab994932e5539a9efc2db917e199e3ae1013cbef6d397b34bb6adfbd484ca6c1c764a0b631e52372f5056cd8be3be37
SSDEEP: 6144:9AHTR5aGw0uR4BbanG6bShfBldX/HYP0EFvCprT4oUDGjB97Z:9AHt50R45aAhJTPmHZ4rT4oUCjB9t
Static task
static1
Behavioral task
behavioral1
Sample: 465e45c4e49f5b650be5bfde6930f573_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Targets
Target: 465e45c4e49f5b650be5bfde6930f573_JaffaCakes118
Size: 402KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Tactic             Technique                            Count
Credential Access  Credentials from Password Stores     1
Credential Access    Credentials from Web Browsers      1
Credential Access  Unsecured Credentials                3
Credential Access    Credentials In Files               3