General
Target: JaffaCakes118_64911ce042821456b64f89a6d194ec70
Size: 249KB
Sample: 250102-mzgrwaymbw
MD5: 64911ce042821456b64f89a6d194ec70
SHA1: 5c96c64f0b76a21f29ede3bcd8d1361fecccbef4
SHA256: 5de4df60f82b84a844af59b95c8082437decde0e9a1bd8d518ca9f9af81d9ebf
SHA512: 6d6bf18af291a1b8bf1b678410c7b1e85083b11b19800e8e9ec8f956f17a918e59b216c69e67933e6e2fd3b6d1ebcc203ff367dbfbab4d708c2fe8528db1af61
SSDEEP: 6144:1YqXg6jG1UnRHF561jqduXR5BH691YxThgej8tiu:VXTi10lCjqYX091YxThgTtiu
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_64911ce042821456b64f89a6d194ec70.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_64911ce042821456b64f89a6d194ec70.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: HacKed
C2: yesso.ddns.net:1177
Mutex: 1136aae10b58a0069ddd4349aceebe52
Attributes
- reg_key: 1136aae10b58a0069ddd4349aceebe52
- splitter: |'|'|
Notes: port 1177 is njRAT's default listener port, and the same hex identifier is reused as mutex name and as the reg_key (the Run-key value name), so it is the single most useful host artifact in this config. The splitter is the multi-character delimiter between fields in njRAT's C2 messages.
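The extracted config is enough to derive host and network IOCs and to tokenise njRAT traffic correctly on its splitter. The Python below is an added example, not code from tria.ge or from njRAT: the config values are copied from the report, while the beacon field layout, the length-prefixed framing and the sample field contents are assumptions made for illustration.

```python
"""Derive IOCs from the extracted njRAT config and tokenise C2 traffic on the
configured splitter. Added example: config values are from the report;
message layout and framing are assumptions."""

# Values as extracted by the sandbox (report above).
CONFIG = {
    "family": "njrat",
    "version": "0.7d",
    "botnet": "HacKed",
    "c2": ["yesso.ddns.net:1177"],
    "mutex": "1136aae10b58a0069ddd4349aceebe52",
    "reg_key": "1136aae10b58a0069ddd4349aceebe52",
    "splitter": "|'|'|",
}


def parse_c2(entry):
    """Split 'host:port' from the right so a host containing ':' is not mangled."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


def iocs_from_config(cfg):
    """Flat (type, value) list suitable for a blocklist or a SIEM lookup."""
    out = []
    for entry in cfg["c2"]:
        host, port = parse_c2(entry)
        out.append(("domain", host))
        out.append(("dst_port", str(port)))
    out.append(("mutex", cfg["mutex"]))
    # reg_key is reported with the same value as the mutex; treated here as the
    # name of the Run-key value the sample writes (assumption).
    out.append(("run_key_value", cfg["reg_key"]))
    return out


def tokenize(body, splitter):
    """Field split on the configured multi-character splitter, never on '|'."""
    return body.split(splitter)


def frame(body):
    """Assumed wire framing: decimal body length, NUL, body."""
    raw = body.encode("utf-8")
    return str(len(raw)).encode("ascii") + b"\x00" + raw


def unframe(packet):
    """Inverse of frame(); returns (body, remaining bytes) and rejects short reads."""
    length, sep, rest = packet.partition(b"\x00")
    if not sep or not length.isdigit():
        raise ValueError("missing length prefix")
    n = int(length)
    if len(rest) < n:
        raise ValueError("short frame")
    return rest[:n].decode("utf-8"), rest[n:]


def looks_like_njrat(packet, splitter=CONFIG["splitter"]):
    """Cheap network heuristic: the splitter literal is long and odd enough
    that its presence in a well-framed payload is a strong signal by itself."""
    try:
        body, _ = unframe(packet)
    except ValueError:
        return False
    return splitter in body


# Constructed beacon body in the shape of an njRAT information message
# (field order and contents are illustrative, not observed in the report).
# The third field deliberately contains a bare '|' to show why split('|') is wrong.
SAMPLE_BODY = CONFIG["splitter"].join([
    "ll",
    CONFIG["botnet"] + "_" + CONFIG["mutex"],
    "WIN-TEST|HOST",
    "user",
    "Win 7 Professional SP1",
    CONFIG["version"],
])

if __name__ == "__main__":
    for kind, value in iocs_from_config(CONFIG):
        print(f"{kind:14} {value}")
    print(tokenize(unframe(frame(SAMPLE_BODY))[0], CONFIG["splitter"]))
```

The port alone is a weak indicator (1177 is the default and is trivially changed); the splitter literal and the reused hex identifier are the artifacts worth pivoting on.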
Targets
Target: JaffaCakes118_64911ce042821456b64f89a6d194ec70 (249KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Njrat family
- Modifies Windows Firewall (maps to Impair Defenses: Disable or Modify System Firewall below)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext (commonly associated with code injection or process hollowing; the report does not name the target process)
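The behaviours listed above form the usual njRAT install chain: a firewall exception, a Run-key value, a copy in the Startup folder and an autorun.inf on attached volumes. As an added example that is not tria.ge's own detection logic, the Python below runs a small rule set over constructed Sysmon-style events (event ID 1 process create, 11 file create, 13 registry value set) and flags a process only when several of these behaviours are attributed to it, which suppresses the noise each rule generates on its own. The event contents, paths and the netsh command line are assumptions; the geofence registry read is omitted because Sysmon does not log registry reads.

```python
"""Correlate njRAT-style persistence behaviours per process over Sysmon-like
events. Added example; events below are constructed, not from the report."""
import re

# Constructed events, one per signature named above plus a benign control.
# The netsh command line is an assumption about how the firewall change is made.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Users\u\server.exe",
     "CommandLine": r'netsh firewall add allowedprogram "C:\Users\u\server.exe" "server" ENABLE'},
    {"EventID": 13, "Image": r"C:\Users\u\server.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1136aae10b58a0069ddd4349aceebe52"},
    {"EventID": 11, "Image": r"C:\Users\u\server.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1136aae10b58a0069ddd4349aceebe52.exe"},
    {"EventID": 11, "Image": r"C:\Users\u\server.exe",
     "TargetFilename": r"E:\autorun.inf"},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe"},
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Covers both the legacy 'netsh firewall' and 'netsh advfirewall firewall' syntaxes.
NETSH_FW_RE = re.compile(r"\b(advfirewall\s+)?firewall\s+(add|set|delete)\b", re.I)


def rule_firewall_exception(e):
    return (e["EventID"] == 1
            and e["Image"].lower().endswith("\\netsh.exe")
            and NETSH_FW_RE.search(e["CommandLine"]) is not None)


def rule_run_key(e):
    return e["EventID"] == 13 and RUN_KEY_RE.search(e["TargetObject"]) is not None


def rule_startup_file(e):
    return e["EventID"] == 11 and STARTUP_RE.search(e["TargetFilename"]) is not None


def rule_autorun_inf(e):
    return (e["EventID"] == 11
            and e["TargetFilename"].lower().rsplit("\\", 1)[-1] == "autorun.inf")


RULES = {
    "firewall_exception": rule_firewall_exception,
    "run_key_persistence": rule_run_key,
    "startup_folder_drop": rule_startup_file,
    "autorun_inf_drop": rule_autorun_inf,
}


def actor_of(e):
    """Attribute a process-create event (e.g. the spawned netsh) to its parent,
    so the whole chain lands on the process that drove it."""
    return e.get("ParentImage", e["Image"]) if e["EventID"] == 1 else e["Image"]


def triage(events):
    """Map each actor image to the set of rule names it triggered."""
    hits = {}
    for e in events:
        for name, rule in RULES.items():
            if rule(e):
                hits.setdefault(actor_of(e), set()).add(name)
    return hits


def flagged(events, min_rules=3):
    """Actors showing at least min_rules distinct behaviours; a lone Run-key
    write is routine, three or more of these together rarely are."""
    return sorted(a for a, names in triage(events).items() if len(names) >= min_rules)


if __name__ == "__main__":
    for actor, names in triage(SAMPLE_EVENTS).items():
        print(actor, sorted(names))
    print("flagged:", flagged(SAMPLE_EVENTS))
```

Raising min_rules trades recall for precision; for this family two of the four is already a reasonable alert threshold, since the Startup-folder copy and the Run-key value share the same hex name in the extracted config.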
MITRE ATT&CK Enterprise v15 (numbers in parentheses are matching-signature counts from the report)
Persistence
- Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
- Event Triggered Execution, T1546 (1): Netsh Helper DLL, T1546.007 (1)
Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process, T1543 (1): Windows Service, T1543.003 (1)
- Event Triggered Execution, T1546 (1): Netsh Helper DLL, T1546.007 (1)
Defense Evasion
- Impair Defenses, T1562 (1): Disable or Modify System Firewall, T1562.004 (1)
- Modify Registry, T1112 (1)
Note: the Windows Service and Netsh Helper DLL mappings have no corresponding entry in the signature list above; treat them as unconfirmed until the behavioural log is reviewed.