General

  • Target

    5d15e008b2b201631d3b16d5026e9931_JaffaCakes118

  • Size

    410KB

  • Sample

    240719-wsp94sxcmc

  • MD5

    5d15e008b2b201631d3b16d5026e9931

  • SHA1

    aadd1314aac6cc37f41d37cdc0a0ce92f504f55f

  • SHA256

    0a5e0d6676ee93ae07febdff343882d26d9ea15b739e422a247a1c9e2d2b22d8

  • SHA512

    918d2690666a1cfcf9ee966df603a2407e2d81ac229ad2ef87ae16814177e742740a832ebe2014e711b5166ea87ae21101789a77995c0f3fbddb582beb493a68

  • SSDEEP

    6144:ssiDTBJFXOp0oGujq4HJQ8eYxqGXad5ZrVelz4VH08lWMAGjKpOzjed9X:sNOp0oaYgzd5belnMAH1fX

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks