Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6e6ef12864d7c72c8b41144c11c9b941_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240524-n4ry3shb26

  • MD5

    6e6ef12864d7c72c8b41144c11c9b941

  • SHA1

    57901fb1e4dc858e5836430439876d2fba55e3b1

  • SHA256

    2f1f3fa1cd91cdd108112ea5f6fc9c77c836114b167e6ffbf941dfb68d596bad

  • SHA512

    7e45421af5a5826183c2b65e8b273d2f044bec88ed6f8b5b38b54bbfd783c2476e47ac55333739c41ce11b514e3a88da5683ddf143388bddd192a84814517962

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYlZ3pBjqlx7TovQmVV4dThen9zO:Lz071uv4BPMkibTIA5lCx7kvRWa4puWx

Malware Config

Targets

    • Target

      6e6ef12864d7c72c8b41144c11c9b941_JaffaCakes118

    • Size

      1.8MB

    • MD5

      6e6ef12864d7c72c8b41144c11c9b941

    • SHA1

      57901fb1e4dc858e5836430439876d2fba55e3b1

    • SHA256

      2f1f3fa1cd91cdd108112ea5f6fc9c77c836114b167e6ffbf941dfb68d596bad

    • SHA512

      7e45421af5a5826183c2b65e8b273d2f044bec88ed6f8b5b38b54bbfd783c2476e47ac55333739c41ce11b514e3a88da5683ddf143388bddd192a84814517962

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYlZ3pBjqlx7TovQmVV4dThen9zO:Lz071uv4BPMkibTIA5lCx7kvRWa4puWx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks