Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5656d0479ebae0a00921838af36e3339_JaffaCakes118
-
Size
168KB
-
Sample
241018-j111csyfjj
-
MD5
5656d0479ebae0a00921838af36e3339
-
SHA1
a4390d2ccca585684b3f2f88e423872e9d58faab
-
SHA256
1e38d1591e7be09e9b957d600438351dc956a3aae1baba7f797c099cb1f89433
-
SHA512
44cabddef6460042b63076fdd7ece32f276fc2e0bb909873a65520c2ced015ae4341ad7f7caeee13f7ee1c0d46e8532c04e79892d23ecba9c68f799b3bfa0017
-
SSDEEP
3072:nnWXFyNV18vM3ksRqK/GVPE2euy4GR97vj:nDNf8EksgK8EXusX77
Malware Config
Targets
-
-
Target
5656d0479ebae0a00921838af36e3339_JaffaCakes118
-
Size
168KB
-
MD5
5656d0479ebae0a00921838af36e3339
-
SHA1
a4390d2ccca585684b3f2f88e423872e9d58faab
-
SHA256
1e38d1591e7be09e9b957d600438351dc956a3aae1baba7f797c099cb1f89433
-
SHA512
44cabddef6460042b63076fdd7ece32f276fc2e0bb909873a65520c2ced015ae4341ad7f7caeee13f7ee1c0d46e8532c04e79892d23ecba9c68f799b3bfa0017
-
SSDEEP
3072:nnWXFyNV18vM3ksRqK/GVPE2euy4GR97vj:nDNf8EksgK8EXusX77
Score10/10-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1