Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118

  • Size

    340KB

  • Sample

    240714-e4wgtsygre

  • MD5

    444ffd2c05db0948b9e701808c4b1a4b

  • SHA1

    d005827f5eccd133506fd52c814336dd98ba83fb

  • SHA256

    1d3e3b5f4efa671ae7858d0c082c1cf86930293b9243eebf2ca0239e09d26344

  • SHA512

    4a57a41e9d533077f0fbbe98a0e75aca236806b31f87f7ea3a059e5d4c8e92704b07ea8dfd41028747117224a07fe4f2f146597cb9c4924501d73f53563df080

  • SSDEEP

    3072:GWSHWiNo/ftfQKAc94/3bXZ3Nk6Rk3+X8TKhPUrpljE2Ej5jE2Ej5jE2Ej8:GWZfec9EbXDk6RkQKjE2EBE2EBE2E4

Malware Config

Targets

    • Target

      444ffd2c05db0948b9e701808c4b1a4b_JaffaCakes118

    • Size

      340KB

    • MD5

      444ffd2c05db0948b9e701808c4b1a4b

    • SHA1

      d005827f5eccd133506fd52c814336dd98ba83fb

    • SHA256

      1d3e3b5f4efa671ae7858d0c082c1cf86930293b9243eebf2ca0239e09d26344

    • SHA512

      4a57a41e9d533077f0fbbe98a0e75aca236806b31f87f7ea3a059e5d4c8e92704b07ea8dfd41028747117224a07fe4f2f146597cb9c4924501d73f53563df080

    • SSDEEP

      3072:GWSHWiNo/ftfQKAc94/3bXZ3Nk6Rk3+X8TKhPUrpljE2Ej5jE2Ej5jE2Ej8:GWZfec9EbXDk6RkQKjE2EBE2EBE2E4

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks