Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

JaffaCakes...50.exe

windows7-x64

8

JaffaCakes...50.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_d9a7f7759b01e27f2901d2fce7fce750

  • Size

    684KB

  • Sample

    250210-kyc17awpfv

  • MD5

    d9a7f7759b01e27f2901d2fce7fce750

  • SHA1

    4b00d952739156dfbf1b33a8b252f6aa0e343158

  • SHA256

    ab409a7c2cb53e0cc61c39162a48947931c6eeca8df2dad4635a5515738eaf14

  • SHA512

    f17046fd4c571cb573dcd554d3175709f9692fdf3a4aae3f401ee6f73d4943b68a317acefc8bcb6d6bc649d118a28002d1c30af571a850666246a310534aaa84

  • SSDEEP

    12288:yWgo3WTqtKS3l6liAcPrvSTY8EreWdD4kuVKPKERKMuTmJaTjJnWUE580ChqmB/r:yWgo3SqES168PbwYAkFuVKPKMuTeaHJd

Score
8/10
adwarebootkitdiscoverypersistencestealer

Malware Config

Targets

    • Target

      JaffaCakes118_d9a7f7759b01e27f2901d2fce7fce750

    • Size

      684KB

    • MD5

      d9a7f7759b01e27f2901d2fce7fce750

    • SHA1

      4b00d952739156dfbf1b33a8b252f6aa0e343158

    • SHA256

      ab409a7c2cb53e0cc61c39162a48947931c6eeca8df2dad4635a5515738eaf14

    • SHA512

      f17046fd4c571cb573dcd554d3175709f9692fdf3a4aae3f401ee6f73d4943b68a317acefc8bcb6d6bc649d118a28002d1c30af571a850666246a310534aaa84

    • SSDEEP

      12288:yWgo3WTqtKS3l6liAcPrvSTY8EreWdD4kuVKPKERKMuTmJaTjJnWUE580ChqmB/r:yWgo3SqES168PbwYAkFuVKPKMuTeaHJd

    Score
    8/10
    adwarebootkitdiscoverypersistencestealer

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks