General

  • Target: 1476604785a4cbf4b7d8d80e2063421e_JaffaCakes118
  • Size: 608KB
  • Sample: 240627-dpf8xsscrr
  • MD5: 1476604785a4cbf4b7d8d80e2063421e
  • SHA1: d87f7829f72fe364863b8982d01324ea59e4ab2e
  • SHA256: ceee0536bd5f1e70b4e3a2dca71f54afcfb1fcd2cb30b78e5e31178ec77fa004
  • SHA512: 432a0f3a1503f82f94ab70637a0ce96f12a9d18a132adfa78d1ffda4c75b9c40d00a7f772c7fc2adee8512712b7d8be88cc40bb67afa111611dcdf3df161c101
  • SSDEEP: 12288:/6yKKgppT6rMSjq2Yj2LQoSUaRrQWRrQN:/eK6pT6RJK2n850

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
