
General

  • Target: 14f88a2abea6068b178f7048ba6f37a7_JaffaCakes118
  • Size: 89KB
  • Sample: 240627-g4bhrswdre
  • MD5: 14f88a2abea6068b178f7048ba6f37a7
  • SHA1: d436d5e99a9670d9193c95e43d2eede84b1385fb
  • SHA256: 1ccec6ca6121d6c8f963371bbe5233e607d881eb9df1fbdb689f8d749000b5e5
  • SHA512: 8c0de6d07970c5f683219da4122af525d8ce899c408cba8d82932da1a549beda72f94b7e8f2f421fd140eaed7d99a09d596531dfd3766884b5347f4ad316d3bf
  • SSDEEP: 1536:VE/nwTl9e12Jpu+z5ds06EEssa9aNJYtbfRiiZh8M2NFy:VEel9q2JphzvqEOiZh8M2

Malware Config

Targets

    • Modifies firewall policy service

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks