General

  • Target

    282807be952aca9e2a10d4b998dea99d_JaffaCakes118

  • Size

    471KB

  • Sample

    240706-l4jllaxgnh

  • MD5

    282807be952aca9e2a10d4b998dea99d

  • SHA1

    deaa64423864b09383f24dd58fc24d694aa9cb92

  • SHA256

    4c6d0b9e1fc3066b7421978fba95f7e6ce0463887ed953365b5cab4f4e16a9b0

  • SHA512

    be53040a2a879bff60d64d947a987548df38873c062bbb2cff2d821460c7116817a75fce9f8488434f1a5c0c9035735ee756393443e217ade93fec1f4c6a53bc

  • SSDEEP

    12288:+e6fM21Az3KwyGLHAzNQ3YL//LJNNDTPzNH7JV3Fcfk8rTvrLadrax8D+5axnfDF:+e6fNALKwf8zNQ3YL//LJNNDTPzNH7JB

Score
8/10

Targets

    • Target

      282807be952aca9e2a10d4b998dea99d_JaffaCakes118

    Score
    8/10
    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
