General

  • Target

    2208aaa95b499465dad1591035429009_JaffaCakes118

  • Size

    157KB

  • Sample

    240703-mkgtbsscpn

  • MD5

    2208aaa95b499465dad1591035429009

  • SHA1

    43b2864913c46b70c454aca239eaabc70de569bc

  • SHA256

    d72e099c7c7ddb8533ebbbfe7db8430be5301dd8b54c085a637dcce9b3f87b98

  • SHA512

    da30974b8f483b4ca09ca2666f3c96ec3729fd2435f8cc039ac6d43ba17a9afdee45bc4bb5fda607439e19e7f4f76c9053ec2b8a51fa2edcf4a3ef0715c5854c

  • SSDEEP

    3072:iU1PB0i/7jyEFlIc78wZAXsBVfv5gtE2jAK6ie8rtoukEruSZJX:JBB/7BFOEYXC15gWgX6ieytoud

Malware Config

Targets

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks