General

  • Target

    24041253e112a67f1fe46cb8c3383d00_JaffaCakes118

  • Size

    313KB

  • Sample

    240704-atj9lathqk

  • MD5

    24041253e112a67f1fe46cb8c3383d00

  • SHA1

    4789403e21263ae5177f894e27b90369b46b4b2b

  • SHA256

    60d577305e44ad18f69668a7cc94d1f1e443679f617a0e2a64c2f815dd36a4f5

  • SHA512

    15ee315a51ddfe70fd8e341ba8059192f6d0ea4fe0ddfbe0f22a6f88b10b89d31e4bbe96197a8c93169028d26d16df273882f42ef94a0d653569c21505a71c76

  • SSDEEP

    6144:7VDIykF3mQt0fZv9YC5fn+aCyIK3ccnMxj6YClOam8y:7hedmUWY2W1K3DnsZCcH

Targets

    • Target

      24041253e112a67f1fe46cb8c3383d00_JaffaCakes118

    • Modifies firewall policy service

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
