General

  • Target

    3451967dff4b80559e31974344d32eee_JaffaCakes118

  • Size

    64KB

  • Sample

    240710-mcb8wasaqq

  • MD5

    3451967dff4b80559e31974344d32eee

  • SHA1

    40899a872049bf278723f89b381322f7919e54d5

  • SHA256

    08820f6dd96c44621c905f6b4243fc385bbfd25f7336b91319f0d609943515f9

  • SHA512

    5d937d2ad45be282ce1850174a017bea98d7894c962fe11bd336f4b53017d9968d226ae8293bd938da3ec78c642859ff5503c3243be986df01300ab78e8b1942

  • SSDEEP

    1536:l9r3gIQRlNvqLr862vn9JFSscThynIImFDHinouy8:rLg7vq3qvgscTYITtaout

Malware Config

Targets

    • Target

      3451967dff4b80559e31974344d32eee_JaffaCakes118

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks