General

  • Target

    9e89ec8a6d7a50e4f9a68a7ed90f0eea_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240611-r1syra1dkj

  • MD5

    9e89ec8a6d7a50e4f9a68a7ed90f0eea

  • SHA1

    286fafe21eb3232d42ac63f4220dbc1c281944c2

  • SHA256

    978cd9073207975e6dd535e34b59014de4eb4db0d54fd67d2d8a355e5df7458b

  • SHA512

    67f782c6b7c946d5dfcfb06dc1bd262d4f491aa092b2d0fabeda2dadebbbf96b22e7152ad93242943d27ec79ca5cd62ddb21a18f926a6d7b419704641c5c5b3b

  • SSDEEP

    98304:xQMV6QGLZdQfePhCko9qE4S473zOEcEe0e:xZ4QGF4Bz473y

Score
10/10

Malware Config

Targets

    • Target

      9e89ec8a6d7a50e4f9a68a7ed90f0eea_JaffaCakes118

    • UAC bypass

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks