General

  • Target

    2c985167149b7ef64306f58a41a9890e_JaffaCakes118

  • Size

    624KB

  • Sample

    240510-bgtsyahg3w

  • MD5

    2c985167149b7ef64306f58a41a9890e

  • SHA1

    c00ef9139509079ec2bd0e009639df7a0507ddb7

  • SHA256

    8298be3054f9f33b629b53757659873ad12b81b3f7038e0cd39fa0131f1553a3

  • SHA512

    a9a927ec137ddcca84ca2ad6f628844981f78dbc156e2a521b4a16790ae5894389ec5105c0612faa23aef549b825da81beca5ef57aea6c1ca49ff9de9e94ef90

  • SSDEEP

    12288:ZMMpXKb0hNGh1kG0HWnAlU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtl4:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrWF

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (93) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and renaming them.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks