General

  • Target: 27741e396045ff762288d6d0e384358e_JaffaCakes118
  • Size: 80KB
  • Sample: 240706-gkqhkszera
  • MD5: 27741e396045ff762288d6d0e384358e
  • SHA1: 2e88e014264b28eb025385686763ae66a32191aa
  • SHA256: 324fb02e7aabaae28dced39d680c0819cb3986908726088a6584e572f745c9da
  • SHA512: 6ba2da28922a9219c2611800c45446ee1aaa0e2729bbd8599f9f44bdf9e3cb269ced9f5c33c0352082603e0b107015e760b27597e9799b165fc15d8e4bcf2f0d
  • SSDEEP: 1536:/gWgWt5NCgrLvk6JKLe7+nB7stedqiDV8Z3anehf9jMSEgluqdJ:4Wlt5sgAyABwtedqRxVjXVdJ

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
