General

  • Target

    187a052ff11cb16228342428d241f1a8_JaffaCakes118

  • Size

    212KB

  • Sample

    240329-e553nahg91

  • MD5

    187a052ff11cb16228342428d241f1a8

  • SHA1

    fae50f317e402eb991e700f7133714c5409edabd

  • SHA256

    652cc475d34cde0f13c4b5640f43ee7908b17dd117a6361c07d2f04787b4c826

  • SHA512

    3e52a272c7d1a00ff4e8b13329a379f3232932db9aece327db4fdbdff988fed72576036aee1ca71028d6b96532ed6e6258ea14624a3475240913bddb63ec2288

  • SSDEEP

    6144:EEd+RUDTBLse1t/yh/QdSM5KslH3v/9Od+HFHiI+pu3:EE53BLsOQQdiE3v/9OdiUm

Malware Config

Targets

    • Target

      187a052ff11cb16228342428d241f1a8_JaffaCakes118

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (81) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks