General

  • Target

    270a3519a8e7eb37a61138fd3cb2a552_JaffaCakes118

  • Size

    119KB

  • Sample

    240705-t8tlcsthnf

  • MD5

    270a3519a8e7eb37a61138fd3cb2a552

  • SHA1

    0a92d07330d5af6c740820d7a0628ad8b3034a8b

  • SHA256

    55e757eeb966e4389ee54fa25bbf401694f6192da5b2796ff6c2d135e8957346

  • SHA512

    5830196e3a5479efcfbf6989974bbdea961a9d86a21cb4ad2c9ffb47a649d73695c3a60e7e3b72364195bfcaafe306616b447b3364ee9013ddefcec2ce7e2735

  • SSDEEP

    3072:NhyVR3H397BpjsokToH3w1VOJOAmEPgrCA7mEjzZt+V:NEnsPTooOJOLEPzAdtc

Targets

    • Renames multiple (216) files, adding a filename extension

      This suggests ransomware activity: encrypting the files on the system and marking each with a new extension.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
