General

  • Target

    4ccef3620ed4885353203d5d5206689c_JaffaCakes118

  • Size

    205KB

  • Sample

    240716-e5jvesvdqk

  • MD5

    4ccef3620ed4885353203d5d5206689c

  • SHA1

    f97e56b04c378cd58d0ca4b56fa8e25027332bd4

  • SHA256

    069c33d898fce1026f6eef24ec7a6e3367f16947662d72409d9bf07a9e16fb7e

  • SHA512

    9a30ac500dc0369070a32b1ecef2eaa5f652aa2b232fc20dc09a0f4ecb535e912cc8d10a02cf076ae182049ba43385e22dfc9c958129c3871313722871afc801

  • SSDEEP

    3072:iikEs0ttGAtZI24Okk8x3zAGPd+o6eZvHmylc+vuXfA2x:/TTGh2Z8xPPdj6Ujc+vIx

Score
8/10

Malware Config

Targets

    • Target

      4ccef3620ed4885353203d5d5206689c_JaffaCakes118

    • Size

      205KB

    • MD5

      4ccef3620ed4885353203d5d5206689c

    • SHA1

      f97e56b04c378cd58d0ca4b56fa8e25027332bd4

    • SHA256

      069c33d898fce1026f6eef24ec7a6e3367f16947662d72409d9bf07a9e16fb7e

    • SHA512

      9a30ac500dc0369070a32b1ecef2eaa5f652aa2b232fc20dc09a0f4ecb535e912cc8d10a02cf076ae182049ba43385e22dfc9c958129c3871313722871afc801

    • SSDEEP

      3072:iikEs0ttGAtZI24Okk8x3zAGPd+o6eZvHmylc+vuXfA2x:/TTGh2Z8xPPdj6Ujc+vIx

    Score
    8/10

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks