General
-
Target
eaea461bf8256a5a403c4731390defc2_JaffaCakes118
-
Size
3.6MB
-
Sample
240410-m4ywysdd43
-
MD5
eaea461bf8256a5a403c4731390defc2
-
SHA1
c9d14867fa44115e3013cc9124afec81c1f8c577
-
SHA256
e928356a918ebacefaaeeec92f04ed129b16da29a6a448f60939e94fd2d36d74
-
SHA512
0a67151717161256f7bec079a5ca5e53989e30f3009668328d301a90932970b0abc1382d3de62245b360339adfb3b31f241ef5e5ec82e74195cced0805f34010
-
SSDEEP
98304:uO+IihUn4hqvAq4qJpZ05Re8WLqh0jdkzV9lI:uO+Iihu4ksqdee83h0jqza
Static task
static1
Behavioral task
behavioral1
Sample
eaea461bf8256a5a403c4731390defc2_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
eaea461bf8256a5a403c4731390defc2_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
eaea461bf8256a5a403c4731390defc2_JaffaCakes118
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-