General

  • Target

    f7ee68b97bd38a8183e9ad6f6492b4a0_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240418-nz4gbadd61

  • MD5

    f7ee68b97bd38a8183e9ad6f6492b4a0

  • SHA1

    46aa2be1a5066468eb44f4dcbbb8dfa5cd403bd5

  • SHA256

    5b0441e323f6038785b1fb7e98799f083d4ab1f333c18c7085fdf50f77c09e3a

  • SHA512

    0d465ea27b4f87ff108604a465628d957e7e82eb01b2631008870f73b424dd884002bed39ae813ef35fdf32b1c2f0ad2983c095625295ea27ab2356fedaef66b

  • SSDEEP

    24576:8Etl9mRda1hSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvt:PEs1ckyrnF

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with an added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
