General

  • Target

    e2b811888bad86567d96143738e9f790_JaffaCakes118

  • Size

    111KB

  • Sample

    240406-rjt5gscb21

  • MD5

    e2b811888bad86567d96143738e9f790

  • SHA1

    0c038f42968cb99cee95243de70b3a232f1e4d97

  • SHA256

    a88380e76fa1bbba6ae3aee96656279504db80349878352e10508b3e68fda9f2

  • SHA512

    3cc242dd80b556de228a4f0a10fefd2a2d6bb106bb7f821f7a9f1ca81170f63e3bcf666c8c21211fecc16875bac886cd2bee7d19ce2a0d43f38aa91f7b666737

  • SSDEEP

    3072:yj/Egv71JjPFlEbA52nSXi2Gm4W1Zc1SLnKVX2mP3:4/Egv7bN92eisvBLeX2mP3

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks