General

  • Target

    f49e0b097d67c21a318db444aa8813e6_JaffaCakes118

  • Size

    632KB

  • Sample

    240417-aaz6psga98

  • MD5

    f49e0b097d67c21a318db444aa8813e6

  • SHA1

    14e4369337857e19d9726b65041c574b7b2b3a66

  • SHA256

    75108791d60cf29751d836a614abd36bea9c23c66f080f41a434ada6be65196d

  • SHA512

    9335478e8661bcebfe0e4108d2527b358f7a4567937a016c91901ebff7ef0e55e21fa9ef04b619480f47c35f8dfb13cbd237e8108017d2f0b1c709ccf87236bb

  • SSDEEP

    6144:I2uNyWziInfDncpVARIVKgjYrZ/+edJXiRns9S3CBfC6MnLGbGPYCzVoLZ8FPrMW:cKpVIYjsmeR9YtHnabGdV6Zey

Targets

    • Target

      f49e0b097d67c21a318db444aa8813e6_JaffaCakes118

    • Modifies firewall policy service

      Changes the configuration of the Windows Firewall service (SharedAccess). Check whether the firewall was switched off or an exception was added for the dropped component.

    • Modifies Windows Firewall

      Alters firewall rules or profile state so the payload's network activity is not blocked.

    • Executes dropped EXE

      A file written to disk during the run was then executed; that dropped file is the payload to pull from the sandbox for separate analysis.

    • Adds Run key to start application

      Creates an entry under a CurrentVersion\Run key so the program starts again at logon (user-level persistence).

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the MBR so their code runs before the operating system loads, giving persistence below the OS that survives file-system cleanup. Verify by dumping the first sector of the disk and comparing its boot code with a known-good copy.

    • Suspicious use of SetThreadContext

      Redirecting another thread's execution with SetThreadContext is characteristic of process hollowing and other injection techniques, where a suspended process is started, its image replaced, and the entry point pointed at the injected code.
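The MBR signature above is the one a responder has to confirm by hand, because a bootkit leaves no file to scan. The following is an added example, not part of the tria.ge report and not code from Hatching: it parses a 512-byte sector image (for instance the first sector dumped from the sandbox disk or a forensic image) and compares the boot-code region against a known-good SHA-256, while also decoding the partition table so the analyst can see that it still points at the original system volume. The sector contents, the baseline hash and the "infected" variant below are constructed for illustration; `build_sector` and `check_mbr` are this example's own helpers.

```python
"""Offline MBR integrity check for a suspected bootkit infection (added example).

The legacy MBR layout used here is fixed by the format itself:
  bytes   0..439   bootstrap code
  bytes 440..443   Windows disk signature
  bytes 446..509   four 16-byte partition entries
  bytes 510..511   boot signature 0x55 0xAA
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
BOOT_SIG_OFF = 510

# Each partition entry: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
PART_ENTRY_FMT = "<B3xB3xII"


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Decode the four partition slots; raises if the sector is not a valid MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        entries.append(PartitionEntry(status == 0x80, ptype, lba, size))
    return entries


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap region only; the partition table is excluded
    because legitimate tools change it without touching the boot code."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_sha256: str) -> Dict[str, object]:
    """Compare the boot code with a known-good hash and return the parsed table."""
    parts = parse_partition_table(sector)
    h = boot_code_hash(sector)
    return {
        "boot_code_sha256": h,
        "boot_code_matches_baseline": h == baseline_sha256,
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": parts,
    }


def build_sector(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code, one active NTFS (0x07) partition
    at LBA 2048, a fixed disk signature and a valid 0x55AA trailer."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed stand-in for a clean bootstrap (xor ax,ax / mov ss,ax / mov sp,0x7c00 ...)
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 20
# The baseline would normally come from a trusted image; here it is derived from the clean stand-in.
BASELINE_SHA256 = boot_code_hash(build_sector(CLEAN_BOOT_CODE))
# Constructed "infected" sector: bootstrap replaced with a short jump into loader code,
# partition table left intact so the system still boots into the OS afterwards.
INFECTED_BOOT_CODE = b"\xEB\x3E" + b"\x00" * 25


def verdict(sector: bytes) -> str:
    """'clean' if the boot code matches the baseline, otherwise 'boot code modified'."""
    r = check_mbr(sector, BASELINE_SHA256)
    return "clean" if r["boot_code_matches_baseline"] else "boot code modified"


if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT_CODE), ("suspect", INFECTED_BOOT_CODE)):
        s = build_sector(code)
        print(label, verdict(s), check_mbr(s, BASELINE_SHA256)["partitions"])
```

On a real case the sector comes from `dd` (or the sandbox's disk image) rather than `build_sector`, and the baseline hash from a clean machine of the same Windows build. A partition table that still looks normal while the boot code differs is exactly the combination to expect from a bootkit, since the infected loader must still hand off to the original volume boot record.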
