Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_7aaa8b1ca724ea23bcaf68edcc1227e9f2215eecb62e910ef2b73f282cff6e62
-
Size
290KB
-
Sample
241227-cljn7syrcn
-
MD5
d0935b18c8c4e688770bedde80cc75e3
-
SHA1
aa5c44e9f1a4c2169a67eb6a7919ab3daf4bd022
-
SHA256
7aaa8b1ca724ea23bcaf68edcc1227e9f2215eecb62e910ef2b73f282cff6e62
-
SHA512
40fb545ffd988f448e08bd67046b98cc8c420af2ddc5a8fa6a90653583cf48d46849f06b83fcf60941bc2f425622f34af6f04b9a29e6cf96d827a3520fed9fe0
-
SSDEEP
6144:E4/bmgFd/VXDta0m+6SXuZet0ySbTHgV51pstmNaj:HzVBa0x6SXuZet0ySbTY1psK
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_7aaa8b1ca724ea23bcaf68edcc1227e9f2215eecb62e910ef2b73f282cff6e62.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_7aaa8b1ca724ea23bcaf68edcc1227e9f2215eecb62e910ef2b73f282cff6e62.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
tofsee
quadoil.ru
lakeflex.ru
Targets
-
-
Target
JaffaCakes118_7aaa8b1ca724ea23bcaf68edcc1227e9f2215eecb62e910ef2b73f282cff6e62
-
Size
290KB
-
MD5
d0935b18c8c4e688770bedde80cc75e3
-
SHA1
aa5c44e9f1a4c2169a67eb6a7919ab3daf4bd022
-
SHA256
7aaa8b1ca724ea23bcaf68edcc1227e9f2215eecb62e910ef2b73f282cff6e62
-
SHA512
40fb545ffd988f448e08bd67046b98cc8c420af2ddc5a8fa6a90653583cf48d46849f06b83fcf60941bc2f425622f34af6f04b9a29e6cf96d827a3520fed9fe0
-
SSDEEP
6144:E4/bmgFd/VXDta0m+6SXuZet0ySbTHgV51pstmNaj:HzVBa0x6SXuZet0ySbTY1psK
-
Tofsee family
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2