General

  • Target

    fd6adced194a9854b26a2a622b53fed6_JaffaCakes118

  • Size

    138KB

  • Sample

    240420-xm2lmafh5z

  • MD5

    fd6adced194a9854b26a2a622b53fed6

  • SHA1

    f98bae76e4577c80ff19380df1bf0dc653507597

  • SHA256

    79df06218d4e6cd4fa92da8469204b1c6da29593b17ee837ec30704fb5868945

  • SHA512

    4c30dc5980268d69fee14724b32e0700cc608182fb8e802d5a1c5786f769394160aa39595dd27123f96ff067b76586a852a119abc48114921f4e4904ad91ed14

  • SSDEEP

    3072:7qwcT3m86A/fn7JRk+9MZAphegNHCllRH9LWHOo5qCx6l/jHnQsQe:7qwcTWVA/v7fk+9MGphegNHCzOu/jQst

Malware Config

Targets

    • Target

      fd6adced194a9854b26a2a622b53fed6_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
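The signature names above are what the sandbox reported, not something an analyst can re-run offline. As an added example (not tria.ge's detection code and not part of the original report), the script below shows how four of those behaviours can be recognised from host telemetry by correlating Sysmon-style events: a file written by the sample and later executed (Executes dropped EXE) or mapped (Loads dropped DLL), a value set under a CurrentVersion\Run key (Adds Run key to start application), and a process deleting its own image (Deletes itself). The event records, the file paths and the SID are constructed for the example; only the Sysmon event IDs and field names are real. The two remaining signatures, SetThreadContext use and WinSCP session-key reads, are not visible in Sysmon events and are therefore not covered here.

```python
import re
from typing import Dict, List, Tuple

# Constructed Sysmon-style events (assumption: these are illustrative, not
# events captured from the sample in the report). Only the fields the rules
# below consult are included; field names follow Sysmon's schema.
SAMPLE = r"C:\Users\user\Desktop\fd6adced194a9854b26a2a622b53fed6_JaffaCakes118.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\updater.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"
RUN_VALUE = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
             r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater")

EVENTS: List[Dict[str, str]] = [
    {"EventID": "11", "Image": SAMPLE, "TargetFilename": DROPPED_EXE},       # FileCreate
    {"EventID": "11", "Image": SAMPLE, "TargetFilename": DROPPED_DLL},       # FileCreate
    {"EventID": "1",  "Image": DROPPED_EXE, "ParentImage": SAMPLE},          # ProcessCreate
    {"EventID": "7",  "Image": SAMPLE, "ImageLoaded": DROPPED_DLL},          # ImageLoad
    {"EventID": "13", "Image": DROPPED_EXE, "TargetObject": RUN_VALUE,
     "Details": DROPPED_EXE},                                                # RegistryValueSet
    {"EventID": "23", "Image": SAMPLE, "TargetFilename": SAMPLE},            # FileDelete
]

# Run and RunOnce under any hive/user prefix; case-insensitive like the registry.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

Hit = Tuple[str, str, str]  # (signature name, primary artifact, detail)


def detect(events: List[Dict[str, str]]) -> List[Hit]:
    """Replay events in order and emit a hit for each behaviour recognised.

    Dropped-file tracking is stateful: a file only counts as "dropped" if an
    earlier Event 11 recorded a process writing it, so a pre-existing binary
    that happens to live in Temp does not trigger the dropped-EXE rule.
    """
    hits: List[Hit] = []
    dropped: Dict[str, str] = {}  # lower-cased path -> process that wrote it

    for ev in events:
        eid = ev["EventID"]
        if eid == "11":
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == "1":
            img = ev["Image"]
            if img.lower() in dropped:
                hits.append(("Executes dropped EXE", img,
                             f"dropped by {dropped[img.lower()]}"))
        elif eid == "7":
            lib = ev["ImageLoaded"]
            if lib.lower() in dropped:
                hits.append(("Loads dropped DLL", lib,
                             f"loaded by {ev['Image']}"))
        elif eid == "13" and RUN_KEY.search(ev.get("TargetObject", "")):
            hits.append(("Adds Run key to start application",
                         ev["TargetObject"], ev.get("Details", "")))
        elif eid == "23" and ev["TargetFilename"].lower() == ev["Image"].lower():
            hits.append(("Deletes itself", ev["Image"], ""))
    return hits


def signature_names(events: List[Dict[str, str]]) -> List[str]:
    """Convenience wrapper: just the signature names, in the order they fired."""
    return [name for name, _, _ in detect(events)]


if __name__ == "__main__":
    for name, artifact, detail in detect(EVENTS):
        print(f"{name:36} {artifact}  {detail}")
```

The self-delete rule is deliberately strict (the deleting process's own image path), because a Sysmon 23 for an arbitrary file in Temp is routine cleanup; likewise the Run-key rule matches only RunOnce and Run value writes, so it fires on the persistence entry and not on unrelated CurrentVersion writes.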

MITRE ATT&CK Enterprise v15

Tasks