
General

  • Target

    23d6ce3a3676ff3ffb1a132fac7d4aef_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240703-3fq47s1hjn

  • MD5

    23d6ce3a3676ff3ffb1a132fac7d4aef

  • SHA1

    f08e301e9a95fc2b2510704400b167bbd0a3419d

  • SHA256

    86c7d2983d91c7a22a609669d8c9ca5122084f10868777067aea6319be8f9226

  • SHA512

    eb91d88f3783e9eef63740e356008e7bfdd8ffdc3f4f649ff81d9913abbf56841a88a75c168a1e5a2f1a4f794799db3bdeac144367eccbfe5eb152488816f022

  • SSDEEP

    49152:oBbj9kG4OiW1j6VGrj9t+ScOaidxm+fcfffzX7:URh4OigjSYjW9gxlAfLL

Malware Config

Targets

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks