Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target: 2aa795e7dcf3bd2b601a890711c892f4_JaffaCakes118
  • Size: 60KB
  • Sample: 240708-ct9klaxhnn
  • MD5: 2aa795e7dcf3bd2b601a890711c892f4
  • SHA1: 305a0fb64296f3c27d4af02803312b3aff9afc24
  • SHA256: 13eeac587c8a32a64847568f99a60012534647fe9540cc0b540df4e113dcf0f2
  • SHA512: 3247e7a64684f215488e083436c446e0450ad61925fbca291ef54eee47958db86058c06cf900b561da9a8fb7ff2f1071675d26d3dfb1a91615cbaf4bdb206a3b
  • SSDEEP: 1536:CJiYU3BtpCdtWMrd4IJfzc5TOtnVxhxMU:CJil3BHCdtWxSLMTOtVxgU

Malware Config

Targets

    • Event Triggered Execution: AppInit DLLs
      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.

    • VMProtect packed file
      Detects executables packed with the VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks