Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240508-aabhcafe4x

  • MD5

    224e57fbadf6b2a5f81c5ea8a7b22485

  • SHA1

    c9453e924abc7e77d5297d2e5fbf6299fcf03021

  • SHA256

    499099814d838592ea0df39fb8d408a3cd64e5c1e1a05892346a14df5b7a6a3c

  • SHA512

    4adc27ed82faf49cd44aa9134becbab48ea920c2a6d6fb8f09d33988347acd7b3d187d60594c58e2bc53d28053c73d18a6baa279321c4f2c1b5d914c26a7cf59

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5I4TNrpDGgDQzA9Mv:NABN

Malware Config

Targets

    • Target

      224e57fbadf6b2a5f81c5ea8a7b22485_JaffaCakes118

    • Size

      2.0MB

    • MD5

      224e57fbadf6b2a5f81c5ea8a7b22485

    • SHA1

      c9453e924abc7e77d5297d2e5fbf6299fcf03021

    • SHA256

      499099814d838592ea0df39fb8d408a3cd64e5c1e1a05892346a14df5b7a6a3c

    • SHA512

      4adc27ed82faf49cd44aa9134becbab48ea920c2a6d6fb8f09d33988347acd7b3d187d60594c58e2bc53d28053c73d18a6baa279321c4f2c1b5d914c26a7cf59

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5I4TNrpDGgDQzA9Mv:NABN

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks