General

  • Target

    e61a760972d6ad592d2fdcec6c231282_JaffaCakes118

  • Size

    300KB

  • Sample

    240407-3ds6sahf5s

  • MD5

    e61a760972d6ad592d2fdcec6c231282

  • SHA1

    172c5c66dddf7753a0e6916713b93a58ad42e3c0

  • SHA256

    bcfd9543c4086557265e6300ab399adf83ca638de210ec2ee11d5a50e8ae93f2

  • SHA512

    77549be7bda37b88de41b63544bce109e3ab94566445e8bb2cbf6d1bd7c004cd612b8ab97ec1e5cc15fbacc87fd14ccfb79d36b809262e059540b2816208eb8c

  • SSDEEP

    3072:Q18SouhTTtfiCXl+0LbLuO5aYd/5q6rsg2ZaZ/VuXQMul6mdoCom9QEst3FmcSDQ:G8Yd4iaYd/5EkhTlBy3Fmco

Score
10/10

Targets

    • Target

      e61a760972d6ad592d2fdcec6c231282_JaffaCakes118

    • Modifies firewall policy service

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk and volume information is often read to detect sandbox environments, which typically expose few or unusually named drives.

    • Suspicious use of SetThreadContext
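The signatures above are each triggered by a small set of observable artefacts: a value written under a Run key, a read of the configured country code, a read of the mounted-device list, writes under the firewall policy or Active Setup Installed Components keys, and a SetThreadContext call. The following is an added example, not tria.ge's own detection code, that maps a constructed sandbox event log onto those signature names. The registry paths and the operation names are assumptions about what each signature corresponds to; the sample events are constructed for the demonstration and are not taken from this report.

```python
"""Map constructed sandbox registry/API events onto the behaviour signatures above.

Added example; not tria.ge's detection logic. Key paths are assumptions about
the artefacts each signature name corresponds to.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    op: str      # "RegSetValue", "RegQueryValue", "RegEnumValue", "RegCreateKey", "ApiCall"
    target: str  # registry key path or API name


# Signature name -> (operations that count, key paths / API names to look for).
# Assumed correspondence; the report itself does not list the exact keys.
SIGNATURES = {
    "Adds Run key to start application": (
        {"RegSetValue"},
        (r"Software\Microsoft\Windows\CurrentVersion\Run",
         r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ),
    "Checks computer location settings": (
        {"RegQueryValue"},
        # Geo\Nation holds the Windows GeoID of the configured country.
        (r"Control Panel\International\Geo\Nation",),
    ),
    "Maps connected drives based on registry": (
        {"RegQueryValue", "RegEnumValue"},
        (r"SYSTEM\MountedDevices",),
    ),
    "Modifies firewall policy service": (
        {"RegSetValue", "RegCreateKey"},
        (r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy",),
    ),
    "Modifies Installed Components in the registry": (
        {"RegSetValue", "RegCreateKey"},
        (r"SOFTWARE\Microsoft\Active Setup\Installed Components",),
    ),
    "Suspicious use of SetThreadContext": (
        {"ApiCall"},
        ("SetThreadContext",),
    ),
}


def _parts(path: str) -> list[str]:
    """Split a registry path (or API name) into lower-cased components."""
    return [p for p in path.lower().split("\\") if p]


def _contains_path(target: str, needle: str) -> bool:
    """True if the components of `needle` appear consecutively inside `target`.

    Component-wise matching avoids substring false positives such as
    ...\\CurrentVersion\\Run matching ...\\CurrentVersion\\RunServices, and
    still matches writes to subkeys below the watched key (e.g. a profile
    subkey under FirewallPolicy).
    """
    t, n = _parts(target), _parts(needle)
    return any(t[i:i + len(n)] == n for i in range(len(t) - len(n) + 1))


def matched_signatures(events: list[Event]) -> dict[str, list[Event]]:
    """Return {signature name: [events that triggered it]} for the given log."""
    hits: dict[str, list[Event]] = {}
    for ev in events:
        for name, (ops, needles) in SIGNATURES.items():
            if ev.op in ops and any(_contains_path(ev.target, nd) for nd in needles):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed event log for one hypothetical process; not from the report.
SAMPLE_EVENTS = [
    Event(1234, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1234, "RegQueryValue", r"HKLM\SYSTEM\MountedDevices"),
    Event(1234, "RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event(1234, "RegSetValue",
          r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
          r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List"),
    Event(1234, "RegSetValue",
          r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{placeholder-clsid}"),
    Event(1234, "ApiCall", "SetThreadContext"),
    # Benign noise that should not trigger anything.
    Event(1234, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    Event(1234, "RegQueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]


if __name__ == "__main__":
    for name, evs in matched_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Note that merely reading the Run key does not count as persistence; only a write does, which is why the last constructed event is ignored. The UPX signature is a static check on the file's PE section names rather than a runtime event, so it is not covered by this event mapping.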
