General

  • Target

    37ddfb7305b3244d4c4db0676134fd06_JaffaCakes118

  • Size

    3.5MB

  • Sample

    240711-f5qtea1ejp

  • MD5

    37ddfb7305b3244d4c4db0676134fd06

  • SHA1

    70b1ddd7d4b098d651a2ba6c07e8d0834b82c45b

  • SHA256

    f51652b3c16d5b11a8f601d7e3604839292c811e4a11d761a32259278f66d004

  • SHA512

    806cc165121777d35341aa946401517652212115ce48b2e26c290fe645ffda946c37123873d9a1c3a36fc752e7e0999c65d193c0bedd6242a12a9723967841c9

  • SSDEEP

    98304:sAKDPUTGHXoXe79PUgyLq9Nf4yvH5dNu6lF+:QP4G3oa9PXJ9Nf465dU6S

Malware Config

Targets

    • Target

      37ddfb7305b3244d4c4db0676134fd06_JaffaCakes118

    • Size

      3.5MB

    • MD5

      37ddfb7305b3244d4c4db0676134fd06

    • SHA1

      70b1ddd7d4b098d651a2ba6c07e8d0834b82c45b

    • SHA256

      f51652b3c16d5b11a8f601d7e3604839292c811e4a11d761a32259278f66d004

    • SHA512

      806cc165121777d35341aa946401517652212115ce48b2e26c290fe645ffda946c37123873d9a1c3a36fc752e7e0999c65d193c0bedd6242a12a9723967841c9

    • SSDEEP

      98304:sAKDPUTGHXoXe79PUgyLq9Nf4yvH5dNu6lF+:QP4G3oa9PXJ9Nf465dU6S

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks