General
- Target: 1412d60920ca86f26dfdbedda2e3786f_JaffaCakes118
- Size: 472KB
- Sample: 240504-xqz7zaff9w
- MD5: 1412d60920ca86f26dfdbedda2e3786f
- SHA1: 44843fc5affe697b65fc9431a6f7d4d0d28ced91
- SHA256: af4bd528b68ac052bb8d00f76e0490f636bbcfd8bafeb02e0ca9cf6a5568ea42
- SHA512: fc7151cabfca31f852e21a4db1368f0b1f8135c721bb5cb3117b10b6105d63f657082c8c3c9c7ea752d6c75dd6c23b99a9b5ff8b461a059063db2b2ba448280a
- SSDEEP: 6144:Bylu6uz5Y49Bqi5qZ366VuUxY9tRElNCgeVTiARduu0npl:0lpMjof3B8UxYbwCXVTRduJ
Static task: static1
Behavioral task: behavioral1
- Sample: 1412d60920ca86f26dfdbedda2e3786f_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1412d60920ca86f26dfdbedda2e3786f_JaffaCakes118.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted from dropped note: C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+kjxek.txt
- http://t54ndnku456ngkwsudqer.wallymac.com/2E467B70BD69ED24
- http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/2E467B70BD69ED24
- http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/2E467B70BD69ED24
- http://xlowfznrg4wf7dli.onion/2E467B70BD69ED24
All four URLs share the same path token, 2E467B70BD69ED24, the victim identifier the payment site keys on; three point at clearnet gateway domains and the fourth at a Tor .onion address. Treat the domains and the token as IOCs, not the hostnames' random labels alone, since those rotate between campaigns.
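As an added example (this is not code from the tria.ge report or from the sandbox), the Python below does what an analyst does by hand with a note like the one above: pull the payment URLs out of the note text, confirm they share one victim ID, split Tor from clearnet hosts, and emit defanged IOCs. The note body is constructed; only the four URLs and the note filename are copied from the report. The registrable-domain split is a two-label heuristic and is flagged as such in the code.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for the dropped note. The four URLs and the note
# filename come from the report; the surrounding wording is invented.
NOTE_TEXT = """
Your files have been encrypted.
To recover them open one of these links:
http://t54ndnku456ngkwsudqer.wallymac.com/2E467B70BD69ED24
http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/2E467B70BD69ED24
http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/2E467B70BD69ED24
If these are blocked, use the Tor link:
http://xlowfznrg4wf7dli.onion/2E467B70BD69ED24
"""
NOTE_PATH = r"C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+kjxek.txt"

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# The note name is "_ReCoVeRy_+" plus a short random suffix; capture the suffix.
NOTE_NAME_RE = re.compile(r"_ReCoVeRy_\+([A-Za-z0-9]+)\.txt$")


def extract_urls(text):
    """Payment URLs in order of first appearance, trailing punctuation stripped."""
    found = []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;)")
        if url not in found:
            found.append(url)
    return found


def victim_id(urls):
    """The last path segment every URL shares; None if the URLs disagree."""
    ids = {urlsplit(u).path.rstrip("/").rsplit("/", 1)[-1] for u in urls}
    return ids.pop() if len(ids) == 1 else None


def registrable_domain(host):
    # Heuristic: last two labels. Wrong for multi-label public suffixes
    # such as co.uk; use a public-suffix library for production tooling.
    return ".".join(host.split(".")[-2:])


def defang(url):
    """hxxp://host[.]tld form so the IOC cannot be clicked by accident."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def note_suffix(path):
    m = NOTE_NAME_RE.search(path)
    return m.group(1) if m else None


def build_iocs(text, note_path):
    urls = extract_urls(text)
    hosts = [urlsplit(u).hostname for u in urls]
    return {
        "victim_id": victim_id(urls),
        "note_suffix": note_suffix(note_path),
        "onion_hosts": sorted(h for h in hosts if h.endswith(".onion")),
        "clearnet_domains": sorted({registrable_domain(h) for h in hosts
                                    if not h.endswith(".onion")}),
        "defanged": [defang(u) for u in urls],
    }


if __name__ == "__main__":
    for k, v in build_iocs(NOTE_TEXT, NOTE_PATH).items():
        print(f"{k}: {v}")
```

The victim-ID check is the useful part: if a note carries URLs with differing path tokens it is either two campaigns merged or a decoy, and the function returns None rather than picking one.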
Targets
- Target: 1412d60920ca86f26dfdbedda2e3786f_JaffaCakes118
- Size: 472KB
- MD5: 1412d60920ca86f26dfdbedda2e3786f
- SHA1: 44843fc5affe697b65fc9431a6f7d4d0d28ced91
- SHA256: af4bd528b68ac052bb8d00f76e0490f636bbcfd8bafeb02e0ca9cf6a5568ea42
- SHA512: fc7151cabfca31f852e21a4db1368f0b1f8135c721bb5cb3117b10b6105d63f657082c8c3c9c7ea752d6c75dd6c23b99a9b5ff8b461a059063db2b2ba448280a
- SSDEEP: 6144:Bylu6uz5Y49Bqi5qZ366VuUxY9tRElNCgeVTiARduu0npl:0lpMjof3B8UxYbwCXVTRduJ
Signatures
- Deletes shadow copies
  Ransomware commonly deletes Volume Shadow Copies so the victim cannot restore encrypted files from them.
- Renames multiple (378) files with added filename extension
  Mass renaming of files with an appended extension is consistent with ransomware encrypting files across the system.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
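The signatures above are what the sandbox derives from the process, file and registry event stream of the run. As an added example, and not the sandbox's own rule engine, the Python below implements each of the six signatures over a constructed event list. The sample path is taken from the report; the dropped-file name, the `.locked` extension, the rename count and the command lines are invented for illustration, and the shadow-copy patterns cover the three common tool invocations (vssadmin, wmic, bcdedit).

```python
from collections import Counter

# Sample name from the report; directory and everything else is constructed.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\1412d60920ca86f26dfdbedda2e3786f_JaffaCakes118.exe"
DROPPED = r"C:\Users\Admin\AppData\Roaming\svchost.exe"  # hypothetical dropped copy
STARTUP = r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery.lnk"

# Constructed event stream in the shape a sandbox emits: process creations
# carry image/cmdline/parent, file writes a path, renames src/dst, reg sets key/data.
EVENTS = [
    {"type": "process", "image": SAMPLE, "cmdline": SAMPLE},
    {"type": "file_write", "path": DROPPED},
    {"type": "process", "image": DROPPED, "cmdline": DROPPED, "parent": SAMPLE},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchost", "data": DROPPED},
    {"type": "file_write", "path": STARTUP},
    {"type": "process", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet", "parent": DROPPED},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd.exe /c del "{SAMPLE}"', "parent": SAMPLE},
] + [
    {"type": "file_rename", "src": rf"C:\Users\Admin\Documents\doc{i}.docx",
     "dst": rf"C:\Users\Admin\Documents\doc{i}.docx.locked"}
    for i in range(40)
]

# (tool, command fragment) pairs that remove or disable recovery points.
SHADOW_PATTERNS = (("vssadmin", "delete shadows"),
                   ("wmic", "shadowcopy delete"),
                   ("bcdedit", "recoveryenabled no"))


def deletes_shadow_copies(events):
    for e in events:
        if e["type"] != "process":
            continue
        c = e["cmdline"].lower()
        if any(tool in c and frag in c for tool, frag in SHADOW_PATTERNS):
            return True
    return False


def mass_rename_with_new_extension(events, threshold=20):
    """Renames where dst == src + suffix, grouped by the suffix added."""
    added = Counter()
    for e in events:
        if e["type"] == "file_rename" and e["dst"].startswith(e["src"]) \
                and len(e["dst"]) > len(e["src"]):
            added[e["dst"][len(e["src"]):]] += 1
    return {ext: n for ext, n in added.items() if n >= threshold}


def executes_dropped_exe(events):
    written = {e["path"].lower() for e in events if e["type"] == "file_write"}
    return any(e["type"] == "process" and e["image"].lower() in written for e in events)


def adds_run_key(events):
    return any(e["type"] == "reg_set" and
               e["key"].lower().rstrip("\\").endswith(("\\currentversion\\run",
                                                       "\\currentversion\\runonce"))
               for e in events)


def drops_startup_file(events):
    return any(e["type"] == "file_write" and
               "\\start menu\\programs\\startup\\" in e["path"].lower() for e in events)


def deletes_itself(events, sample):
    """A child of the sample runs a del/erase naming the sample's own image."""
    s = sample.lower()
    for e in events:
        if e["type"] == "process" and e.get("parent", "").lower() == s:
            c = e["cmdline"].lower()
            if ("del " in c or "erase " in c) and s in c:
                return True
    return False


def triggered_signatures(events, sample):
    sigs = []
    if deletes_shadow_copies(events):
        sigs.append("Deletes shadow copies")
    hits = mass_rename_with_new_extension(events)
    if hits:
        sigs.append(f"Renames multiple ({sum(hits.values())}) files with added filename extension")
    if deletes_itself(events, sample):
        sigs.append("Deletes itself")
    if drops_startup_file(events):
        sigs.append("Drops startup file")
    if executes_dropped_exe(events):
        sigs.append("Executes dropped EXE")
    if adds_run_key(events):
        sigs.append("Adds Run key to start application")
    return sigs


if __name__ == "__main__":
    for s in triggered_signatures(EVENTS, SAMPLE):
        print(s)
```

The rename rule keys on the suffix actually appended rather than on a fixed extension list, so it fires on a family you have not seen before; the threshold exists because installers and build tools legitimately rename a handful of files.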