aa54237629b8c2d8c89072b0605565e55994ca9e7ce83932206cf0f62a8c3d1c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

JaffaCakes...65.exe

windows7-x64

7

JaffaCakes...65.exe

windows10-2004-x64

7

Sharing

General

Target

JaffaCakes118_8a9c41932cb7b64c82dfc6277b48d365
Size

172KB
Sample

250328-m5keysvwas
MD5

8a9c41932cb7b64c82dfc6277b48d365
SHA1

06ffa1f2a694a87abc49a542bb188685c8031d55
SHA256

aa54237629b8c2d8c89072b0605565e55994ca9e7ce83932206cf0f62a8c3d1c
SHA512

b42550dd058a49f0ae580fb994a121b43e198cf6c82f98cb3951c12c29105e6a450ab5c59043e0bb25b1e69d81412cf7f212db5425299fcf1b66c9746ccf28eb
SSDEEP

3072:v/wNH7x6QHEhw+LJCdiPMq2ZcmiX8A4V1V18hSdsmW/ifvfeNFeSclO19Wrk:vo7xCHJlPMRZcLX8A41XdVGNFeSclq9

Score

7^/10

discovery persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8a9c41932cb7b64c82dfc6277b48d365.exe

Resource

win7-20240903-en

discovery persistence privilege_escalation

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8a9c41932cb7b64c82dfc6277b48d365.exe

Resource

win10v2004-20250314-en

discovery persistence privilege_escalation

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_8a9c41932cb7b64c82dfc6277b48d365
- Size
  
  172KB
- MD5
  
  8a9c41932cb7b64c82dfc6277b48d365
- SHA1
  
  06ffa1f2a694a87abc49a542bb188685c8031d55
- SHA256
  
  aa54237629b8c2d8c89072b0605565e55994ca9e7ce83932206cf0f62a8c3d1c
- SHA512
  
  b42550dd058a49f0ae580fb994a121b43e198cf6c82f98cb3951c12c29105e6a450ab5c59043e0bb25b1e69d81412cf7f212db5425299fcf1b66c9746ccf28eb
- SSDEEP
  
  3072:v/wNH7x6QHEhw+LJCdiPMq2ZcmiX8A4V1V18hSdsmW/ifvfeNFeSclO19Wrk:vo7xCHJlPMRZcLX8A41XdVGNFeSclq9
Score

7^/10

discovery persistence privilege_escalation
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy