General

  • Target

    621cfb12233c7432f6881347bded5a57_JaffaCakes118

  • Size

    132KB

  • Sample

    240521-fnh28shh75

  • MD5

    621cfb12233c7432f6881347bded5a57

  • SHA1

    ab871369a1d336031620c6938d87a9ef69ee03ba

  • SHA256

    07b22a0e85c4f95916a66a6f603adbfd5f152fa2dcaf19603fb95e0dafcc099c

  • SHA512

    c5e365b035ca4dbfe98b2d483dd398c247e688155ca272fcd8271ead64cd23a1a7a928172d8c258c8f48290d9097050defaf873bde60570d5465ab341045266d

  • SSDEEP

    3072:+D4beJt/UAKF4ba3Hwi573QVx78b4Mt2rXH4Mzm:+D4+t/Uia3H153KK2EMS

Targets

    • Target

      621cfb12233c7432f6881347bded5a57_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
