General

  • Target

    45bca69dda7d4c27267c95d921e156a2_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240714-n8rtwasbkb

  • MD5

    45bca69dda7d4c27267c95d921e156a2

  • SHA1

    dd8a119fdbafbb961c344317080e1d061096fc63

  • SHA256

    1cc2233b6a521d711edb9635f9041d9a235f2886370c8450e8c485adddf489c7

  • SHA512

    aed8ba648607b72aecae3eb0cb3ff716055e12c514c93c0953ea269a911ad235135a48d29f885725f5c30b24be9fb3ee6909f6705360255f43d219b5e17846a9

  • SSDEEP

    49152:08a8pojd8a8pojd8a8pojd8a8pojd8a8pojO0:a

Malware Config

Targets

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks