General

  • Target

    1caae598f7385ec3a7480a7dfb9e059a_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240329-jpdqpadd78

  • MD5

    1caae598f7385ec3a7480a7dfb9e059a

  • SHA1

    236545e3b19703c942caee2d380b8f475b34b29f

  • SHA256

    15dbec53eec39a12947a6e575d5b722aeff28a0d5ae5529c20d5995f8a02c8d2

  • SHA512

    62392b4ad9b7b6cb77d11e60d8f7d0c80653aec4c469f557ac207e0b1f7df55432b779b87fe5ae8350d03c54daf238fafa80bf12f6f29c2561433a594bbf2209

  • SSDEEP

    98304:ABQPJ7Id7A6gp7b0wWxCqmLDux+9y+g5Ld43zM7xLGhGJ:ABQPJ7+7ATp7b1WxrmXu+yI3zM7RGIJ

Malware Config

Targets

    • Target

      1caae598f7385ec3a7480a7dfb9e059a_JaffaCakes118

    • Size

      3.6MB

    • MD5

      1caae598f7385ec3a7480a7dfb9e059a

    • SHA1

      236545e3b19703c942caee2d380b8f475b34b29f

    • SHA256

      15dbec53eec39a12947a6e575d5b722aeff28a0d5ae5529c20d5995f8a02c8d2

    • SHA512

      62392b4ad9b7b6cb77d11e60d8f7d0c80653aec4c469f557ac207e0b1f7df55432b779b87fe5ae8350d03c54daf238fafa80bf12f6f29c2561433a594bbf2209

    • SSDEEP

      98304:ABQPJ7Id7A6gp7b0wWxCqmLDux+9y+g5Ld43zM7xLGhGJ:ABQPJ7+7ATp7b1WxrmXu+yI3zM7RGIJ

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks