General

  • Target

    91592126d817694239ae18528aa1c349_JaffaCakes118

  • Size

    769KB

  • Sample

    240603-lwmy2sbh52

  • MD5

    91592126d817694239ae18528aa1c349

  • SHA1

    68a39ce122f3ea425598d961f27012e98379803d

  • SHA256

    9a4b0207d7aec705a376b29a7334bd780069f7d10ee0ab8dc69950817d81de2d

  • SHA512

    4f279122d8769fd140dbf79f098dc5085320a0dac6a77e5d94437dfbec9df324187ea40c22efebb2d7b8fbb958f80afa9a9299ba165ec261757e91a58978e3ff

  • SSDEEP

    12288:CSQqalk9lLWwiIjJR+/pCB6CSEavf9uq0HzsYVWxY7Ow6j33b6K/W:pQqfjLWwiIjJUsW98z57z6bp/W

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks