General

  • Target: 210619e23f9680333393f28461f093d6_JaffaCakes118
  • Size: 404KB
  • Sample: 240703-epnhnswgrg
  • MD5: 210619e23f9680333393f28461f093d6
  • SHA1: 2425077adfacabb570fc6e717f987f9d8e8c5ff7
  • SHA256: cc16d24d1d6b7c806908c6f16ac3827c1d352e4c0c05e4ad47a391746688562a
  • SHA512: c12ffe1c465b8884cfc816e6b6e10fdc1a3dcdb419cf2c7643eba69416005d019f4b43084625ae36fc51e2ce3e4c8929e0aaa129c1bcbb61604de9f201837715
  • SSDEEP: 6144:kTnjnvrM3mjHGh5Doh9Z5cAea4Jv81E66Hwc2Fq4t:kHn438Hwerea2vEEFz2F

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks