General
Target: JaffaCakes118_85d42b5c420227011a4af768f443a3a8
Size: 129KB
Sample: 250322-f9kg7ayth1
MD5: 85d42b5c420227011a4af768f443a3a8
SHA1: d22b5759f7331c483d7bb5780a267ef171aa3fe5
SHA256: b194c460c0616b3c5bfc0e13950a7642a777b0927bb5036ecf1477042d1831e8
SHA512: 14ca801115ead33c7c6897375fa8d16d9679ee7dbda980370ae3d83a456a664e0bda357f146e340029f775435759a6925c9b96a4d3da704f59b6fbb0cd57c485
SSDEEP: 3072:OdCmj0KVZSXQ0yNPaaHw7Koj4rtuFeHiiaKL:OdC/K/3KeH
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
Resource: win7-20240729-en
Malware Config
Targets
Target: JaffaCakes118_85d42b5c420227011a4af768f443a3a8
Size: 129KB
MD5: 85d42b5c420227011a4af768f443a3a8
SHA1: d22b5759f7331c483d7bb5780a267ef171aa3fe5
SHA256: b194c460c0616b3c5bfc0e13950a7642a777b0927bb5036ecf1477042d1831e8
SHA512: 14ca801115ead33c7c6897375fa8d16d9679ee7dbda980370ae3d83a456a664e0bda357f146e340029f775435759a6925c9b96a4d3da704f59b6fbb0cd57c485
SSDEEP: 3072:OdCmj0KVZSXQ0yNPaaHw7Koj4rtuFeHiiaKL:OdC/K/3KeH

- Modifies WinLogon for persistence
- Ramnit family
- UAC bypass
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (5)