General

  • Target

    JaffaCakes118_e18ab1e385fcc3f1b44bf51c070c7f95

  • Size

    524KB

  • Sample

    250120-j9kpqszpe1

  • MD5

    e18ab1e385fcc3f1b44bf51c070c7f95

  • SHA1

    abe55c2ceed151682ef9c27a457ec29791b7c01e

  • SHA256

    4b851113292f65082ba1d64244c0384cfaa39301adb582e394af13fe5bececa6

  • SHA512

    614ea4b4ceaf8fad69a8600e6dd03db4fbe28d212a649c9a363146e5c5b71c55cb79255fce69d783536d21ecf23f6f37aba6daa1017b5c047d80f9c6d8b7a437

  • SSDEEP

    12288:l6N+HfWXmO2AyBZ1BYoheKmBXwc2zR85SAHtO:3OXQ3BZbYownJuQSAHtO

Malware Config

Targets

    • Target

      JaffaCakes118_e18ab1e385fcc3f1b44bf51c070c7f95

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

    • Vobfus family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks