General

  • Target

    28631d0fdafc463f3926aa952deb83b0_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240706-q66w5ayhpq

  • MD5

    28631d0fdafc463f3926aa952deb83b0

  • SHA1

    71707a56a8825af2213b55f1b4eacccc73c8142f

  • SHA256

    9139f96f2eeb23fcec4a5acd380cb9146e4f6342eb4800e8adfad18d7bc17f5a

  • SHA512

    1666949c3f395a9f6d76dae14bce851a5587ff3414d0d001a4bfa30860559facf4cf1dc03dea0cd3a11102ac08524168bfe9b2074ab05c34afe5c485f015940e

  • SSDEEP

    24576:G66tHG/0zL4SeSekrKhG0AmaeC3dODxv6806U9oQT/6Adz2SuI0V:6Hz4SeS+J/BS80h//6AdE

Targets

    • Target

      28631d0fdafc463f3926aa952deb83b0_JaffaCakes118

    • Size

      1.4MB

    • MD5

      28631d0fdafc463f3926aa952deb83b0

    • SHA1

      71707a56a8825af2213b55f1b4eacccc73c8142f

    • SHA256

      9139f96f2eeb23fcec4a5acd380cb9146e4f6342eb4800e8adfad18d7bc17f5a

    • SHA512

      1666949c3f395a9f6d76dae14bce851a5587ff3414d0d001a4bfa30860559facf4cf1dc03dea0cd3a11102ac08524168bfe9b2074ab05c34afe5c485f015940e

    • SSDEEP

      24576:G66tHG/0zL4SeSekrKhG0AmaeC3dODxv6806U9oQT/6Adz2SuI0V:6Hz4SeS+J/BS80h//6AdE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
