Resubmissions

  • 25/02/2025, 16:10 UTC: 250225-tmwhtsvpz5 3
  • 28/01/2025, 16:58 UTC: 250128-vg68tavpgw 3
  • 28/01/2025, 16:28 UTC: 250128-tys7vavjd1 5
  • 27/01/2025, 16:24 UTC: 250127-twh9vsxjhy 6
  • 27/01/2025, 16:23 UTC: 250127-tvw5bsxpcl 1
  • 27/01/2025, 16:22 UTC: 250127-tt83haxjcx 1
  • 27/01/2025, 16:16 UTC: 250127-tqthmswqgx 8
  • 27/01/2025, 02:40 UTC: 250127-c5ymgaxndr 10
  • 25/01/2025, 04:07 UTC: 250125-epynmsvndw 4
  • 24/01/2025, 16:04 UTC: 250124-th4cwawmhv 3

General

  • Target: JaffaCakes118_1d93e8597dd860cf81cd913c4b997818
  • Size: 25KB
  • Sample: 250117-t8sdaswphz
  • MD5: 1d93e8597dd860cf81cd913c4b997818
  • SHA1: a7dacf6a32b194720a87130a16f2222c44f036eb
  • SHA256: 6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
  • SHA512: c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
  • SSDEEP: 384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Malware Config

Targets (signatures for JaffaCakes118_1d93e8597dd860cf81cd913c4b997818)

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
