General

  • Target: 15234a3b5e6114d527bb03941215945f_JaffaCakes118
  • Size: 488KB
  • Sample: 240627-h7tn7aycpf
  • MD5: 15234a3b5e6114d527bb03941215945f
  • SHA1: 86e2794a16d3d12055664bd40b4358ac9518e327
  • SHA256: 99e3e3061c6eee5d483f4c816be8daad88009e5559f544f70350e55e339aa0f8
  • SHA512: a584ab19d4c343864b0e915f3d205a0c75d0335c9bdb52a3ff913be47efdb5273904f9d7ef889dbf54caed172ed9b7f7b629e33e56f4817e29ee259cc3bac39d
  • SSDEEP: 12288:sKr3QboC9qLGKgZKe4HYpHvcbTRRfMMMMM2MMMMM:sQ3QbiGL8LwHwRfMMMMM2MMMMM

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks