General

  • Target

    178e23ce61f1c87fb69a2d23ce241c03_JaffaCakes118

  • Size

    767KB

  • Sample

    240627-z38e8atdql

  • MD5

    178e23ce61f1c87fb69a2d23ce241c03

  • SHA1

    b87efed82f2472022388981cfdd295c330076adb

  • SHA256

    c84b93ea9418e569a419b29a12a34687767b9a5f970fee6b44bee1a535c10f12

  • SHA512

    faaea84772419c24c49a1d1f072e19ccecbf6b498de4227b1b649e9fc3109fd46c6bb26ac0aae0c1ab8b883a1664efe8d2c69b09a840af226647f6056bbc4186

  • SSDEEP

    12288:TsC/xLjZPUyBiLCCKG3NTJUVtn5OmujtCXh/eBd7cmnRhQpYaKIPPzeNjtH0Q2Pq:Yuj2y+CC99NKtnekRmBhRh9aKIPLotUQ

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    URLs

  • hta.dropper

    http://repoiury.com/inst.php?id=lee_02&lang=ENU

Targets

    • Target

      178e23ce61f1c87fb69a2d23ce241c03_JaffaCakes118

    Score
    10/10

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks