General

  • Target

    JaffaCakes118_c7d813cea14b7a2daf6494d57240df49

  • Size

    328KB

  • Sample

    250208-1wc66sxlem

  • MD5

    c7d813cea14b7a2daf6494d57240df49

  • SHA1

    ae80a488c1a0b2bf3ac0787a95b88188dde9c125

  • SHA256

    46dcbd27e8f2d205071d370f44dfa541474fab24e60ab1c1caf5c92553edbfbc

  • SHA512

    15ae3aa59d96dfd1062346301ce3caaf843ebee80636c528ab82aa89e9ff9fe0088e21134f9c4058e9ec97d920441a1cd231cfc503bd9edcbf1302a32793cff5

  • SSDEEP

    6144:xcMedZ3FTDSm9PXfrtVNgzSdVr3gRGPKuSUzz37+8bz2Y6+l/kE7fS6gSNlb:u9Z3FTDx9PP51T3dPNz37+8bzt6+HXgY

Targets

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
