General

  • Target

    1825fbf9c671af72ea7dd61405461208_JaffaCakes118

  • Size

    4.8MB

  • Sample

    240628-azpfha1end

  • MD5

    1825fbf9c671af72ea7dd61405461208

  • SHA1

    4a4fe374131bcc3d4c033f3eb53dd382b3148ac1

  • SHA256

    e2ff036733d4f7dea388fafc17f294e8438d4e9d49092545ad91d1d196a93012

  • SHA512

    dcd7f376f0d326724bf0e23f3a1b6216cd01570e25e1d74451bae087332f42e710e92b46b964862ba127d00d05d001ea8fdad08f67e96365b1f1a8b579dfee0f

  • SSDEEP

    98304:zW2Jy7dg5cYE6fR/0T52RAgQoQGOmQDQwDVB8NFAH6pzz+:KNu5cYRfRHRAgrwDH8NqapW

Targets

    • Target

      1825fbf9c671af72ea7dd61405461208_JaffaCakes118


    • Stops running service(s)

    • Uses Session Manager for persistence

      Creates a Session Manager registry key (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager) to run an executable early in system boot. The usual vehicle is the key's BootExecute value: programs listed there are launched by smss.exe before the Win32 subsystem and any security software start, which is what makes this location attractive for persistence.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Themida applies encryption, anti-debugging and code virtualisation, so static analysis of the packed file yields little; the real payload has to be recovered from memory at runtime.

    • Adds Run key to start application

      Writes an entry under a CurrentVersion\Run registry key (HKLM or HKCU) so the application is launched at every user logon.
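The three behavioural signatures above (service stopping, Session Manager persistence, Run-key persistence) each leave a trace that can be checked on a host suspected of having run this sample. The script below is an added example written for this page, not code from tria.ge or from the report; it assumes an elevated PowerShell session on the affected Windows host, and because the report does not show which values the sample actually wrote, it flags every non-default BootExecute entry and every Run-key entry for review rather than matching a known string. The function names and the default-BootExecute list are the author's assumptions.

```powershell
# Added example: host-side checks for the persistence and service-stopping
# behaviours reported for sample 240628-azpfha1end. Run elevated; flags are
# "review this", not "confirmed malicious".

$SessionManagerKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$DefaultBootExecute = @('autocheck autochk *')   # stock Windows content of the REG_MULTI_SZ value
$ReportSha256       = 'e2ff036733d4f7dea388fafc17f294e8438d4e9d49092545ad91d1d196a93012'

function Get-SuspiciousBootExecute {
    # BootExecute entries are run by smss.exe before the Win32 subsystem starts.
    # Anything beyond the default autochk line (a scheduled chkdsk adds
    # "autocheck autochk /r \??\C:", which is benign) deserves a look.
    $props = Get-ItemProperty -Path $SessionManagerKey -ErrorAction Stop
    foreach ($entry in @($props.BootExecute)) {
        if ($DefaultBootExecute -notcontains $entry) {
            [pscustomobject]@{ Key = $SessionManagerKey; Value = 'BootExecute'; Entry = $entry }
        }
    }
}

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntries {
    # Enumerates every Run/RunOnce value, resolves the executable from the command
    # line and hashes it so the result can be compared with the report's SHA256.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata
            $cmd = [string]$p.Value
            # Quoted path first; otherwise the first whitespace-delimited token.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $hash = if (Test-Path -LiteralPath $exe) {
                (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            } else { 'missing' }
            [pscustomobject]@{
                Key           = $key
                Name          = $p.Name
                Command       = $cmd
                Exe           = $exe
                SHA256        = $hash
                MatchesReport = ($hash -eq $ReportSha256)
            }
        }
    }
}

function Get-StoppedAutomaticServices {
    # "Stops running service(s)": a service configured for automatic start that is
    # not running is where a sample that kills AV or backup services leaves a trace.
    # Delayed-start services also report 'Automatic', so check the DisplayName before acting.
    Get-Service | Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
        Select-Object Name, DisplayName, Status, StartType
}

Get-SuspiciousBootExecute     | Format-Table -AutoSize
Get-RunKeyEntries             | Format-Table -AutoSize
Get-StoppedAutomaticServices  | Format-Table -AutoSize
```

Because the sample is Themida-packed, a Run-key executable on disk will hash to the report's SHA256 only if the original file was dropped unchanged; a re-packed or self-modified copy will not match, so treat an unexpected entry as a finding even when MatchesReport is false.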
