General

  • Target

    12dbeb8bfc7e94dbf74e4f28ad7d9acd_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240626-wedn6avfra

  • MD5

    12dbeb8bfc7e94dbf74e4f28ad7d9acd

  • SHA1

    4fcb3fdbf21b66db45c04be335d85bc03e4c9435

  • SHA256

    08ee8a89c78013621b08fae8fd83765eab5fdcc1342cb5958ac10b1545688392

  • SHA512

    3237de1698bde322b379a3de14e936915cad911e1f52beb85bda13dc9c643b238c6670d64f54b898f262d87accca54ba00e4a612cf8c3b6ba97d0668c3828086

  • SSDEEP

    49152:KowymHvNuFknCZNLVPaQ6JX2lE40/2FwcuCm4I3w:KowymP4F5hPap2lE40/2FBvC3w

Malware Config

Targets

    • Target

      12dbeb8bfc7e94dbf74e4f28ad7d9acd_JaffaCakes118

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks