Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

532f798fe6...18.exe

windows7-x64

9

532f798fe6...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    532f798fe6c66eab33258b0f0451826e_JaffaCakes118

  • Size

    96KB

  • Sample

    241017-xkrcwatbkr

  • MD5

    532f798fe6c66eab33258b0f0451826e

  • SHA1

    9aa0f8b76649583343a307a4ccbdae26ab6e0d13

  • SHA256

    cf880ad15b38faf97af44063945da6b8eca4f78624b799b595e73d653ca829e3

  • SHA512

    a866589c1a188151fa11fd2a3c39e05a1951ce984e80589fa5d44e30d50c0bd852ba37fc523915d2ce1e0cd611776a0b26333fafaa870dc675f9c20c40930c86

  • SSDEEP

    1536:W9JGlcQQ/mw4syoqCM8UB6dHGO8+3tjgHJ2+y+s+rRJWicMgwqQB+L:W9glcfmw4syGpUsdHGOh3tsH4ms6JWi8

Score
9/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      532f798fe6c66eab33258b0f0451826e_JaffaCakes118

    • Size

      96KB

    • MD5

      532f798fe6c66eab33258b0f0451826e

    • SHA1

      9aa0f8b76649583343a307a4ccbdae26ab6e0d13

    • SHA256

      cf880ad15b38faf97af44063945da6b8eca4f78624b799b595e73d653ca829e3

    • SHA512

      a866589c1a188151fa11fd2a3c39e05a1951ce984e80589fa5d44e30d50c0bd852ba37fc523915d2ce1e0cd611776a0b26333fafaa870dc675f9c20c40930c86

    • SSDEEP

      1536:W9JGlcQQ/mw4syoqCM8UB6dHGO8+3tjgHJ2+y+s+rRJWicMgwqQB+L:W9glcfmw4syGpUsdHGOh3tsH4ms6JWi8

    Score
    9/10
    discoverypersistencespywarestealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Account Manipulation

1
T1098

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Network Service Discovery

1
T1046

Network Share Discovery

1
T1135

Peripheral Device Discovery

1
T1120

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

Process Discovery

1
T1057

Query Registry

1
T1012

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Connections Discovery

1
T1049

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks