
General

  • Target

    eaea461bf8256a5a403c4731390defc2_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240410-m4ywysdd43

  • MD5

    eaea461bf8256a5a403c4731390defc2

  • SHA1

    c9d14867fa44115e3013cc9124afec81c1f8c577

  • SHA256

    e928356a918ebacefaaeeec92f04ed129b16da29a6a448f60939e94fd2d36d74

  • SHA512

    0a67151717161256f7bec079a5ca5e53989e30f3009668328d301a90932970b0abc1382d3de62245b360339adfb3b31f241ef5e5ec82e74195cced0805f34010

  • SSDEEP

    98304:uO+IihUn4hqvAq4qJpZ05Re8WLqh0jdkzV9lI:uO+Iihu4ksqdee83h0jqza

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks