General

  • Target

    267773fdad7ae1984bfc052fb653903d_JaffaCakes118

  • Size

    60KB

  • Sample

    240704-2fvlysvfne

  • MD5

    267773fdad7ae1984bfc052fb653903d

  • SHA1

    b6c5bf1bafd819405282680b110832ef90e245eb

  • SHA256

    b0808e2245fc5fb4fb12056f711729df27d9a01faa276894928af2580b8d9e37

  • SHA512

    1b6dc400338f7aeeb11082a54d6d4a8d694230ed68c88e4e23c4142592c6b30823bf37d055b4f3ba1941114d88b82203dfce7691932f5635c0dd82feb375c215

  • SSDEEP

    1536:bQhWdNgUP4/3ZiWY+6V1NLCBT8bjltWOjdZ7:ngPZY+Q0ubptWO5N

Malware Config

Targets

    • Target

      267773fdad7ae1984bfc052fb653903d_JaffaCakes118

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks