General

  • Target

    074ded651094fe1545d996add8e3df36_JaffaCakes118

  • Size

    256KB

  • Sample

    240620-sx3jfsvcmb

  • MD5

    074ded651094fe1545d996add8e3df36

  • SHA1

    9960378b363b6ff89d40a790e9cfe3f59c4004f8

  • SHA256

    eda59f4181b638df6cc16b7267535e70a54699c3a53101d07c0287662f83d546

  • SHA512

    13e15ee436e21ba7f5b4d3d90ce8f326d0926004d6f9e49ce827aae939a1e3c335a67709b6ca0b3a741268f935a7a36d52271077755022f3346972824f6ed56e

  • SSDEEP

    3072:Xo8L5tpV+CSA1AAPoCpxW5ATBfUNjpS1svkTVC9FieYTTLprx/m3qT4S826guKqr:ptpvoCpcNQ1jQdi

Score
8/10

Malware Config

Targets

    • Target

      074ded651094fe1545d996add8e3df36_JaffaCakes118

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
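Each behaviour listed above leaves a host-side artefact in a well-known location. The PowerShell script below is an added example, not part of the Triage report or of the sample, that audits those locations on a live Windows host: the Run and Explorer policy Run keys, Image File Execution Options debuggers, the .exe file-type association, autorun.inf at every drive root, and files recently written under System32 and System32\drivers, which it hashes against the SHA256 from this report. The registry paths are standard Windows locations; the 24-hour lookback window, the "expected" association values (those of a default install) and the Suspicious flag are assumptions for illustration. Run it in an elevated PowerShell 5.1 or later session.

```powershell
# Added host-side persistence audit (not from the Triage report). Checks the generic
# locations behind the report's signatures. Assumptions: 24h lookback, default-install
# association values, PowerShell 5.1+ (Get-FileHash, Get-ChildItem -File).

$ReportedSha256 = 'eda59f4181b638df6cc16b7267535e70a54699c3a53101d07c0287662f83d546'
$PsNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    # "Adds policy Run key": Explorer policy Run keys, rarely populated legitimately
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($PsNoise -contains $p.Name) { continue }   # skip provider metadata
            [pscustomobject]@{ Check = 'RunKey'; Location = $key; Name = $p.Name; Value = $p.Value; Suspicious = ($key -like '*Policies*') }
        }
    }
}

function Get-IfeoDebuggers {
    # "Image File Execution Options Injection": a Debugger value makes Windows start that
    # path (with the original command line appended) whenever the named exe is launched.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Check = 'IFEO'; Location = $_.PSChildName; Name = 'Debugger'; Value = $dbg; Suspicious = $true }
        }
    }
}

function Get-ExeAssociation {
    # "Modifies system executable filetype association": on a default install
    # .exe -> 'exefile' and exefile\shell\open\command -> '"%1" %*'. Anything else
    # runs as a wrapper around every .exe the user launches.
    $expected = @{
        'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
        'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
    }
    foreach ($key in $expected.Keys) {
        $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Check = 'ExeAssoc'; Location = $key; Name = '(default)'; Value = $actual; Suspicious = ($actual -ne $expected[$key]) }
    }
    # A per-user override takes precedence over HKLM and is almost never created legitimately
    $userKey = 'HKCU:\SOFTWARE\Classes\exefile\shell\open\command'
    if (Test-Path $userKey) {
        $actual = (Get-ItemProperty -Path $userKey).'(default)'
        [pscustomobject]@{ Check = 'ExeAssoc'; Location = $userKey; Name = '(default)'; Value = $actual; Suspicious = $true }
    }
}

function Get-AutorunInf {
    # "Drops autorun.inf file": look at the root of every mounted filesystem drive.
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        $path = Join-Path $d.Root 'autorun.inf'
        if (Test-Path -LiteralPath $path) {
            $content = Get-Content -LiteralPath $path -Raw -ErrorAction SilentlyContinue
            [pscustomobject]@{ Check = 'Autorun'; Location = $path; Name = 'autorun.inf'; Value = $content; Suspicious = $true }
        }
    }
}

function Get-RecentSystemFiles {
    param([int]$Hours = 24)   # assumed lookback window
    # "Drops file in System32 / Drivers directory": recently written files, their
    # Authenticode status, and whether the SHA256 matches the sample in this report.
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -gt $since } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
                $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                [pscustomobject]@{ Check = 'RecentFile'; Location = $_.FullName; Name = "$($sig.Status)"; Value = $hash
                                   Suspicious = ($sig.Status -ne 'Valid' -or $hash -ieq $ReportedSha256) }
            }
    }
}

# Collect everything; pipe to Export-Csv when sweeping more than one host.
$results = @(Get-RunKeyEntries) + @(Get-IfeoDebuggers) + @(Get-ExeAssociation) + @(Get-AutorunInf) + @(Get-RecentSystemFiles)
$results | Sort-Object Suspicious -Descending | Format-Table Check, Suspicious, Location, Name, Value -AutoSize -Wrap
```

Entries flagged Suspicious are candidates, not verdicts: a populated policy Run key or an IFEO Debugger does occur in legitimate enterprise tooling, so compare against a known-good baseline before acting on the output.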

MITRE ATT&CK Enterprise v15

Tasks