General

  • Target

    2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118

  • Size

    774KB

  • Sample

    240709-lvlplazfph

  • MD5

    2fe58dd25783b4e054be8ad1697e2223

  • SHA1

    633ddb68881701ad3c56ea9d214bdae3285dd3c1

  • SHA256

    327dd0e8aba6eaeabf6892329ed66a751a4ca2c8c0a3e371347c2e9f336b97d9

  • SHA512

    9693003867f102087ec808c397264b8a726cf5cf38578848f7f6a3c3deb14796aa428541aeff9118c1d2251f73026805820198155a228938e3be72141349551f

  • SSDEEP

    24576:/qds2kT4wnpGFoM/dYIAlakpkSVlTEdP:/p6sgYIqlTTEdP

Malware Config

Targets

    • Target

      2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks