Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4c889bbb32888fac576629a454a7cd0b_JaffaCakes118

  • Size

    100KB

  • Sample

    240716-dh9lwssbln

  • MD5

    4c889bbb32888fac576629a454a7cd0b

  • SHA1

    515cdd48ea8f4647b73bdcde29305d90eb754f32

  • SHA256

    442f209fb18d78eb30f5e3cdaf73a4a03edff0d8801f63432ff9ffe67f475a9e

  • SHA512

    d2c164e2c416083a9ffb882f3acdfea55f6f2f60f6a458bd457a4a747740fcbb8cb13c2cc293695b3044294afe1435f646c77f393ab351a2d741179f87047ef9

  • SSDEEP

    3072:FwYLn4919swCk4OR3I9UGVk8jwaaHw7Koj4rDMHRO:LLnQ19sWRG4Sc

Malware Config

Targets

    • Target

      4c889bbb32888fac576629a454a7cd0b_JaffaCakes118

    • Size

      100KB

    • MD5

      4c889bbb32888fac576629a454a7cd0b

    • SHA1

      515cdd48ea8f4647b73bdcde29305d90eb754f32

    • SHA256

      442f209fb18d78eb30f5e3cdaf73a4a03edff0d8801f63432ff9ffe67f475a9e

    • SHA512

      d2c164e2c416083a9ffb882f3acdfea55f6f2f60f6a458bd457a4a747740fcbb8cb13c2cc293695b3044294afe1435f646c77f393ab351a2d741179f87047ef9

    • SSDEEP

      3072:FwYLn4919swCk4OR3I9UGVk8jwaaHw7Koj4rDMHRO:LLnQ19sWRG4Sc

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks