Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    67b469684c605968ddd4763f62557876_JaffaCakes118

  • Size

    531KB

  • Sample

    240522-sqn3gsff66

  • MD5

    67b469684c605968ddd4763f62557876

  • SHA1

    d34c9debf18c61fbcc1af607d8c1351321873ae2

  • SHA256

    6ec2b6684aa70874e3925fc963edef13860e9b12fd88b95397255e2d0c10b30b

  • SHA512

    50dfd5d3f0169b3e0f0a4feafb7cd2d8050cd1180a63fc7c14a4912823522065d4c8bc52e1460fe356ce24f4b29bd871f826757863a903881d2587b1339744d4

  • SSDEEP

    12288:cnnxNXTHxigTCQbJUMHON1qAhN/QVIvHipk+cmsW:cnnxhAgTV6MHON1qqNYCP+x3

Score
9/10

Malware Config

Targets

    • Target

      67b469684c605968ddd4763f62557876_JaffaCakes118

    • Size

      531KB

    • MD5

      67b469684c605968ddd4763f62557876

    • SHA1

      d34c9debf18c61fbcc1af607d8c1351321873ae2

    • SHA256

      6ec2b6684aa70874e3925fc963edef13860e9b12fd88b95397255e2d0c10b30b

    • SHA512

      50dfd5d3f0169b3e0f0a4feafb7cd2d8050cd1180a63fc7c14a4912823522065d4c8bc52e1460fe356ce24f4b29bd871f826757863a903881d2587b1339744d4

    • SSDEEP

      12288:cnnxNXTHxigTCQbJUMHON1qAhN/QVIvHipk+cmsW:cnnxhAgTV6MHON1qqNYCP+x3

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks