Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3dc426881aefe72a44fa70879d615317_JaffaCakes118

  • Size

    921KB

  • Sample

    240712-rv298szcrf

  • MD5

    3dc426881aefe72a44fa70879d615317

  • SHA1

    520897c55fc8a25e834f7442243464d99d73c64b

  • SHA256

    643ca07224e075e20fb81f4462bdbbca04c61891329e275544b5a117adfe0005

  • SHA512

    8584c26b61824f29f09905d7aac20e3acabcfab160e2506dad8ef5d2bca632b225830d8c597ab8d61ed524054b696bfc8fe43d8758cf347a80d66c69166e1779

  • SSDEEP

    24576:XaGo7wr6HAslncJgpy2PsaeF//s05pOsp:LqAQsCp4/T5p9

Score
9/10

Malware Config

Targets

    • Target

      3dc426881aefe72a44fa70879d615317_JaffaCakes118

    • Size

      921KB

    • MD5

      3dc426881aefe72a44fa70879d615317

    • SHA1

      520897c55fc8a25e834f7442243464d99d73c64b

    • SHA256

      643ca07224e075e20fb81f4462bdbbca04c61891329e275544b5a117adfe0005

    • SHA512

      8584c26b61824f29f09905d7aac20e3acabcfab160e2506dad8ef5d2bca632b225830d8c597ab8d61ed524054b696bfc8fe43d8758cf347a80d66c69166e1779

    • SSDEEP

      24576:XaGo7wr6HAslncJgpy2PsaeF//s05pOsp:LqAQsCp4/T5p9

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks