General

  • Target

    e61bc53718b25dc4633c1b29965ffbea_JaffaCakes118

  • Size

    32KB

  • Sample

    240407-3fkmeshh49

  • MD5

    e61bc53718b25dc4633c1b29965ffbea

  • SHA1

    d58803c1998732bc23118ec79b121198caf71762

  • SHA256

    34b472276686af29527e51e32a32eddcaad8b0a46a4a2468e8dd5e5add196288

  • SHA512

    f205ae2ef3a0c0dc3c3c8c2097af126d3e060493217c36d103eecfeeb9dbd3d9bf04b44378050880beb3e80aff9536dcf3e8d0936b2ce435a4c3c161b448c8df

  • SSDEEP

    768:n1hIqcsSzRiSsJhJhoENvIaQ1ni/Ps1IUcLyoGNkFt68c+1k:0qcvTshhbJ2IXs2n8ac9

Targets

    • Target

      e61bc53718b25dc4633c1b29965ffbea_JaffaCakes118

    • Windows security bypass

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Drops file in System32 directory
