Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target: 5df7b6914058320be1ecac739d32a4a7_JaffaCakes118

  • Size: 72KB

  • Sample: 240719-2j8yratdqj

  • MD5: 5df7b6914058320be1ecac739d32a4a7

  • SHA1: e4e867c32f36bba89fee537bde7d4c4934a3fe0d

  • SHA256: 7451988910c8306e03cf10cebb4099cb360cf45685a175d67022cedb90be36a3

  • SHA512: 3bfa6518383aa4a60caf27d363481b95e73f1aa7c40b615b025304d337711b82b7d78e1dd3c8e669bbaf25ebaeb0955e6f9aeda47a0eef93b81a1483d3fabf4b

  • SSDEEP: 1536:+EXzfXeRZhjgu5VQrBanw5nTN8a9B1IuAbWhVtVmAKTwL:BPyhjguLQrTTN8a93I7b2DV7K8L

Malware Config

Targets

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks