General

  • Target

    251d88ded7d28904953e15bf161b2163_JaffaCakes118

  • Size

    705KB

  • Sample

    240508-q11g6afd8v

  • MD5

    251d88ded7d28904953e15bf161b2163

  • SHA1

    3994f37523fe482f79043a72f8060744577d391f

  • SHA256

    58a3201d9038c81b083a57ac84e23e9702f9c4282a7d402c8223716c368cd1fc

  • SHA512

    62f3056d0ea26b2a4a2d16894fc0a917d8f5bbd3edb4497a1fe35a663a7c47f42fa0d1108523316adca835f5a2d604e8f56f4713b8b5d74702e3a40dd31c1564

  • SSDEEP

    12288:ZMMpXKb0hNGh1kG0HWnAmnU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtt:ZMMpXS0hN0V0HinSGB2uJ2s4otqFCJrb

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks