General

  • Target: 12ab006815614f2ad93358a7a03f7441_JaffaCakes118
  • Size: 359KB
  • Sample: 240626-t44krswarl
  • MD5: 12ab006815614f2ad93358a7a03f7441
  • SHA1: fda1d986310e48a1f1de2653225481f50008a5ef
  • SHA256: f19d07fbccb4bbf733cc55c967097e5cef053cd0c9188c10a5f138ea92929cb0
  • SHA512: 2c4a8cc51b73765830f94a051859431dff0fd4967dd7b18ab84d70fd38cc5bcae7838f8cd86a09a42eea925463c6efe92d33d7e6efebcbfb919b21fef773d17c
  • SSDEEP: 3072:IDsA/+Nzz0da6j2BtJ8nLzhbwhc+3aOz3TfRL0qz:Io4U6jnLlc++qOz3t

Targets

    • Modifies WinLogon for persistence
    • Disables Task Manager via registry modification
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Impair Defenses: Safe Mode Boot
    • UPX packed file: the executable is packed with UPX or a modified build of the open-source UPX packer.