General

  • Target: e34f8f0f44553a2a900eb883ebd6e47b_JaffaCakes118
  • Size: 998KB
  • Sample: 240406-z67cbsbc2y
  • MD5: e34f8f0f44553a2a900eb883ebd6e47b
  • SHA1: ae248c0da65d58477e369f273ec9dfd430d6e68d
  • SHA256: 7b965745d195758847cde9e553793844848162faeaa782f71accd523c4e139af
  • SHA512: 3ddc41028cc54a556c60aedca903f560af1814ce2f76a61a4bc619aea4174e50c202978654f11a79ab501c13f5bf2ef6a3e83320f8a9f986cb0bb0ad760657a6
  • SSDEEP: 24576:IEgUJ+Lvx9d5+4xFBS5HhvoFQUmIjq+T0mmcSv:uW4OHVKmIOq4v

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks