Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...bd.exe

windows7-x64

10

JaffaCakes...bd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_d9c3619d817b64930691f628f4e264bd

  • Size

    208KB

  • Sample

    250210-k49bkswqhw

  • MD5

    d9c3619d817b64930691f628f4e264bd

  • SHA1

    b7d6087f47e90463ded34aa72ffa249402d0ac27

  • SHA256

    31103981353b7689abc6ad4a3a2b7b48fb92de59b7f344faaf05aaca7f4e4cf2

  • SHA512

    2a7b0f1c1fa4952684ba7d1ec67af26859ac3c5fcf1c5f7f73ba510f397b20a5f226960552160ad55c77ab7a7c9f4b417be3b9bea4041fee5f4194acde7f4d29

  • SSDEEP

    6144:9nKNcFl7mMdGCUoY1dJ6MlaKqqqqqqqqqqqqqqO:oKRWfJBTqqqqqqqqqqqqqq

Score
10/10
bootkitdefense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      JaffaCakes118_d9c3619d817b64930691f628f4e264bd

    • Size

      208KB

    • MD5

      d9c3619d817b64930691f628f4e264bd

    • SHA1

      b7d6087f47e90463ded34aa72ffa249402d0ac27

    • SHA256

      31103981353b7689abc6ad4a3a2b7b48fb92de59b7f344faaf05aaca7f4e4cf2

    • SHA512

      2a7b0f1c1fa4952684ba7d1ec67af26859ac3c5fcf1c5f7f73ba510f397b20a5f226960552160ad55c77ab7a7c9f4b417be3b9bea4041fee5f4194acde7f4d29

    • SSDEEP

      6144:9nKNcFl7mMdGCUoY1dJ6MlaKqqqqqqqqqqqqqqO:oKRWfJBTqqqqqqqqqqqqqq

    Score
    10/10
    bootkitdefense_evasiondiscoverypersistence

    • Modifies firewall policy service

      defense_evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.