General

  • Target

    48574ff5d7066a572477655c456ec893_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240715-fqy68ssbqb

  • MD5

    48574ff5d7066a572477655c456ec893

  • SHA1

    df59b7d5a84f19f8672a11b75ab19d7221f81252

  • SHA256

    844905e4d0e3face9b9eb85c0903950ebd1fb579d47a084565b474237290273f

  • SHA512

    b01bdca51c647624397a69a0d7204d6b06681aa3ba2c778fe6349781df3142adcc542919aaa5d5fd155c902f645381ea69600b8c5c3a655a140dbc609e05e261

  • SSDEEP

    98304:tYXiyksWjebdvQvhidC0PBtyVniz2wX9arLCpu6JrMlYp3fOUIkDK:miUWwKidC0Zt7ptxpzrMlYp7fK

Malware Config

Targets

    • Target

      48574ff5d7066a572477655c456ec893_JaffaCakes118

    • Modifies Windows Firewall

    • Stops running service(s)

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks