
General

  • Target: 6271bb6d17a2186c4d4c86f3aebef739_JaffaCakes118
  • Size: 469KB
  • Sample: 240722-j3qx6sxfkq
  • MD5: 6271bb6d17a2186c4d4c86f3aebef739
  • SHA1: 728dc81082cd6d6a3285a81ab021c32086957ecb
  • SHA256: 2527e41c4ab44d250ca5064cffa10d3b64028024a0c4e299cd36b23c8d81f45a
  • SHA512: 254b537b98cbd611b3eecc1f9e08c93be00f299a6ed214ce8f574a550749c04b544bd73f7c6efbb4f533ac367b61292ad095e099286c4fd64c3a8e1664a2515d
  • SSDEEP: 12288:lvqwbCRWnYXE5WBoEJZ4fhNPH/oSG2imn:lyQ6oDDPOPmn

Score: 8/10

Malware Config

Targets

    • Adds policy Run key to start application
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks