General

  • Target

    3ebd5f4ded0c75e7f67b3db28b84bf5f_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240712-y23ynsydjl

  • MD5

    3ebd5f4ded0c75e7f67b3db28b84bf5f

  • SHA1

    1d99ea9979a89332f83ee802e54e03a4db1652e1

  • SHA256

    6e64fd50cb9d38dceb3e6100794f3c11e3b8a458f6265b80101f1d976ad5564f

  • SHA512

    8b5c46ed3b3a8bd6fcd59aa662a26632d400780c5bbe7430752813a1a8f189028af1c22abb7a512533fa68fda4fdd007c16b89509d5407c22543371bf169d870

  • SSDEEP

    49152:3X3cC99eprWnVNCLaZzCfB43ejbu7BqSXO5YytTEdg:nspprFL/4a6VoDES

Targets

    • Target

      3ebd5f4ded0c75e7f67b3db28b84bf5f_JaffaCakes118

    • Drops file in Drivers directory

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Sets service image path in registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15