General

  • Target

    1c8575d5be57704d35f150dc101e5eca_JaffaCakes118

  • Size

    250KB

  • Sample

    240701-z3xnqatfnp

  • MD5

    1c8575d5be57704d35f150dc101e5eca

  • SHA1

    1eb97ec2d13018f35a91a5d30ef1faf703e195e7

  • SHA256

    40e7148d075f5b528df9b7d60ccd54169faeec3ca41e519bebbe8da813e3b8c1

  • SHA512

    69ffcd817b32c6744ef4ce3839945e2a90d67259bdbf568aa674112a96913d37bff47383b8fcedf0c07edda889c071378b050fd3cada2d4a6dd1b8d90a0d9e54

  • SSDEEP

    6144:yhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:PeKrJJuf86AYcwoaoSbr

Targets

    • Target

      1c8575d5be57704d35f150dc101e5eca_JaffaCakes118

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
