General

  • Target: 8c3a1db3b96205665a9a1ec894058d81_JaffaCakes118
  • Size: 453KB
  • Sample: 240601-3xqvrsbd5z
  • MD5: 8c3a1db3b96205665a9a1ec894058d81
  • SHA1: 9fd6b8871b0a0b45e0352670098d7211fee63208
  • SHA256: 81dbbf64274c599feeef01b80d1d56d126cb607dfb54e8b65a5d7b35878b8842
  • SHA512: 62b20bbee62c56bf648a9be3c2e770bf8ddeab209f73a3d3b7f6bca99b0ffcf4c4042bf002c7dcaab79a0d4bfdcae54f3c7f341f1c5e639772ca9fbd6931390e
  • SSDEEP: 12288:fp7kwCTvbdS3+Slzdwn0Q/7MR9tP5huP+dCzPpG:VkwgU3+SVdwS/5h1CzPpG

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMware Tools registry key
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Deletes itself
    • Executes dropped EXE
    • Identifies Wine through registry keys
      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks