Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8069496d769163e3d7f6eec840b158a5_JaffaCakes118

  • Size

    512KB

  • Sample

    240529-md2vxscb39

  • MD5

    8069496d769163e3d7f6eec840b158a5

  • SHA1

    d33c2f3a11cb9bd778ffe37bd6bb83659c8e4718

  • SHA256

    cfb86dc7a35fd2dbaa8855f42a3adf24465d2df4f0bf2394b2f7d82f20372bf0

  • SHA512

    73a6acf17016275784b5177d3f4010652eadb683e7e31ec3c3ea1bdd4323e9f6fbca4f5a44c7bd3ba00d1c0c24cc6002f52439b1aef0133d3ab65791a69766c0

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj61:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5g

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks