Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_bcea65735d99c38cb0b5e6493f40c53b
-
Size
433KB
-
Sample
250208-af279avmc1
-
MD5
bcea65735d99c38cb0b5e6493f40c53b
-
SHA1
02ab575ea1a70713622eaefb779a6bd4ab917ea8
-
SHA256
4e0f9e6733c4271fc053074990f397d2adafc7ea6960a3272e45f08fbac51b9d
-
SHA512
12f3254746f1c1f3a7a6508ddaa3c41e8178d0626872db044902658eacc024c3ce19ce846d064c0f8ed64e8a4f3c6b79556a837ee0f1962060c4a852487d6950
-
SSDEEP
6144:QpC2F8NXC796TB9vj480ifEEdq3hohwTiUCDzHO3tIuNlUpEf0:QTeVQkTrvj41GdqRl2UC3HO9FNlUis
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_bcea65735d99c38cb0b5e6493f40c53b.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_bcea65735d99c38cb0b5e6493f40c53b.exe
Resource
win10v2004-20250207-en
Malware Config
Targets
-
-
Target
JaffaCakes118_bcea65735d99c38cb0b5e6493f40c53b
-
Size
433KB
-
MD5
bcea65735d99c38cb0b5e6493f40c53b
-
SHA1
02ab575ea1a70713622eaefb779a6bd4ab917ea8
-
SHA256
4e0f9e6733c4271fc053074990f397d2adafc7ea6960a3272e45f08fbac51b9d
-
SHA512
12f3254746f1c1f3a7a6508ddaa3c41e8178d0626872db044902658eacc024c3ce19ce846d064c0f8ed64e8a4f3c6b79556a837ee0f1962060c4a852487d6950
-
SSDEEP
6144:QpC2F8NXC796TB9vj480ifEEdq3hohwTiUCDzHO3tIuNlUpEf0:QTeVQkTrvj41GdqRl2UC3HO9FNlUis
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3