General

  • Target

    30885b7a0d8fe3cdc05243135577ea74_JaffaCakes118

  • Size

    8.7MB

  • Sample

    240709-qjrtpawbml

  • MD5

    30885b7a0d8fe3cdc05243135577ea74

  • SHA1

    b55efb170f966d474e636e6368058e6c5393f3f6

  • SHA256

    630e7ad9d5ae6e35cce1717e2bb9fa9e702458fa0bb6f6b5c8f681bf433ff917

  • SHA512

    6d26b67150e9d0b45738ccf20242da9302efeb6851e981dfb0c808e52988e8a5ce299ce7052c94d92582cbef0ce456d57f08e1bb8d703e3828162d7b040edfc0

  • SSDEEP

    196608:MDFMT+sGCSkxBkt0GxDir4A40TonAqh+2bYzE:MXCHBk2tTona28z

Targets

    • Target

      30885b7a0d8fe3cdc05243135577ea74_JaffaCakes118

    • Modifies Windows Firewall

    • Stops running service(s)

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

    • Adds Run key to start application

    • Drops file in System32 directory
