Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6942c25e20fe4e18e7545ac2137f409a_JaffaCakes118

  • Size

    112KB

  • Sample

    240723-2q6f7stapk

  • MD5

    6942c25e20fe4e18e7545ac2137f409a

  • SHA1

    ae1ce8e5808b6919582423c8408692607e0c0902

  • SHA256

    54f2697220200b334a42b5800f841002629d78dab13ee49f2f6577847d0e276b

  • SHA512

    9004bf525104e7221bc1aca7eb76144a0ce679a35e885f8e1391fda5bc1bf723facba91e87e4e75476286440f8cbe9fef0d5304acbb4fffe09065392a551dedf

  • SSDEEP

    3072:MstjE+tiz2zy6YzVi6zz0/Q9qBnkn4wX42T0:6+wAy68V5WrRRMnY

Malware Config

Targets

    • Target

      6942c25e20fe4e18e7545ac2137f409a_JaffaCakes118

    • Size

      112KB

    • MD5

      6942c25e20fe4e18e7545ac2137f409a

    • SHA1

      ae1ce8e5808b6919582423c8408692607e0c0902

    • SHA256

      54f2697220200b334a42b5800f841002629d78dab13ee49f2f6577847d0e276b

    • SHA512

      9004bf525104e7221bc1aca7eb76144a0ce679a35e885f8e1391fda5bc1bf723facba91e87e4e75476286440f8cbe9fef0d5304acbb4fffe09065392a551dedf

    • SSDEEP

      3072:MstjE+tiz2zy6YzVi6zz0/Q9qBnkn4wX42T0:6+wAy68V5WrRRMnY

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks