Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3039e2ee34950a14ed25df21fc63634c_JaffaCakes118

  • Size

    212KB

  • Sample

    240709-ntbjcatgke

  • MD5

    3039e2ee34950a14ed25df21fc63634c

  • SHA1

    e8f06750a01704ffb805d988de1a4901c7770179

  • SHA256

    3e0a0694c8ce5b699bf628505fbba2ce599816883d4d996b8297411aace74190

  • SHA512

    9909ad8bc1f897d2a8cbc4b150177a2692609ef8dcbbee9a3fae06906fda1ba2495f7871891ae9065f4f5f5364a3c829e1d9038dd4dd56e69bbd193d8566acc5

  • SSDEEP

    6144:Dc9kfgNnCYP40Xf/9PJR8WjN4VRNuX/hYH:gWfgIanlJ2YGVG/qH

Malware Config

Targets

    • Target

      3039e2ee34950a14ed25df21fc63634c_JaffaCakes118

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks