General

  • Target

    06faac3605f8a1fb2d06a5d320422213_JaffaCakes118

  • Size

    3.1MB

  • Sample

    240429-gry4asce9s

  • MD5

    06faac3605f8a1fb2d06a5d320422213

  • SHA1

    414301f64972426195164e32fad4d239f9ebefba

  • SHA256

    79a976cff73a10a848ef2f53c10aaa9ce73d6a908562953506458b157bc16d11

  • SHA512

    542d08b6214828eb5b8d04c250feaca099f8122b9291e299d2c536c3a58714495336acb4a527dde6d29badfdc3e192b60fe1dbfcc52948e76e8a6b8c385cd0bb

  • SSDEEP

    49152:+UJ6ZNXox4SgJhBsfHJq/nCFT4Mv0Pt97R:+tR4xGnCtvwV

Targets

    • Target

      06faac3605f8a1fb2d06a5d320422213_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled
