Analysis
max time kernel: 2s
max time network: 7s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 17/10/2024, 16:59
Static task: static1
Behavioral task: behavioral1
  Sample: 52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Errors
General
Target: 52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe
Size: 529KB
MD5: 52bcb68bd9014fb692a49b610635c2a9
SHA1: f93b41ee9b979e25903948dc939af3e0711eb751
SHA256: 440de5c3ce1c9cf276516354babcae98f726b2f6a16d747f5ca2154b0e450410
SHA512: 9feedd8762dd3e6d3069e9bfcae5b26b0cc0e8bf6a377cec07c4e2a5132ca5d5814b0a66db52711a521401ab02d3caa49b38f7ad47d0fda45f401d0c73c7696d
SSDEEP: 12288:H30ur0KrSJ/Q00FxSP0yr+oJ+MH8rsHpd6JOCi:Nr0raxFQP03a9HP6Fi
Malware Config
Signatures
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
  description: File opened for modification
  ioc: \??\PHYSICALDRIVE0
  Process: 52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeShutdownPrivilege
  pid: 2820
  Process: 52bcb68bd9014fb692a49b610635c2a9_JaffaCakes118.exe