General

  • Target: 1f034a17091b7512212a6d875967f38c_JaffaCakes118
  • Size: 907KB
  • Sample: 240507-b32exacg3x
  • MD5: 1f034a17091b7512212a6d875967f38c
  • SHA1: aeb5dd8c9a0fc2d938469a463c7e67ea8a89fa09
  • SHA256: 9b96179fdb2583c44dc0039d92e321ab3a44307ea045b7a98e3c245c0b2691c9
  • SHA512: 90cc130115eb72cc37e3ac94d127af46e159f42424bc1117524962ea0014e89838c0dfa35e4098308d7964f76b9494990c4af4ef9861db5f259cb32f58552526
  • SSDEEP: 24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvl:oEs1hz

Score: 10/10

Targets

    • Modifies WinLogon for persistence
    • Renames multiple (91) files with an added filename extension
      This suggests ransomware activity: the files on the system are being encrypted.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops autorun.inf file
      Malware can abuse Windows Autorun to spread further via attached volumes.
    • Drops file in System32 directory
