
General

  • Target

    66136fee669b198cbf321537771fad45_JaffaCakes118

  • Size

    804KB

  • Sample

    240723-epvxrawgrc

  • MD5

    66136fee669b198cbf321537771fad45

  • SHA1

    974e3af75b08f3427ec00efa8e29dbd8f22b9d3c

  • SHA256

    763c2809a0260db3b2cc6a215a3676edc7cf870c89a2eecc77d2375215dbb774

  • SHA512

    174eb5488498d249adbf863f6d50d04e744c251dadeafea0268c572ea89d7136bd4f30b3634e0e9327aaa6ddef70e8d074d2094c460575685424b9ddab8ec2b8

  • SSDEEP

    24576:REWlk0BnSW9W4Dh9xVExfsPx3NlkrGV44liq:2Wlk0BnSWXh9isblV47

Malware Config

Targets

    • Target

      66136fee669b198cbf321537771fad45_JaffaCakes118

    • Size

      804KB

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. Wine typically populates a Software\Wine key under HKEY_CURRENT_USER, so a sample that probes for Wine-specific registry keys is checking whether it runs under an analysis environment rather than a real Windows install.

    • Themida packer

      Detects Themida, a commercial Windows software protection system with code virtualization and anti-debugging features. The sample must be unpacked (or analysed dynamically) before static analysis of its real code is possible.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the application is launched again at user logon (persistence, ATT&CK T1547.001).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the debugger from receiving events for that thread; a common anti-debugging technique (ATT&CK T1622, Debugger Evasion).
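The three behavioural signatures above (Wine registry probing, Run key persistence, ThreadHideFromDebugger) can be reproduced as rules over a hooked API-call trace. The following is an added example and not tria.ge's own signature engine: the event shape (API name plus an argument dict), the helper names and the sample trace are all assumptions constructed for illustration.

```python
"""Re-implementation of the report's behavioural signatures as a small
triage helper over a constructed API-call trace.

Added example, not tria.ge's own code: the event shape, helper names and
the sample trace are assumptions made for illustration.
"""
import re
from dataclasses import dataclass, field

# THREADINFOCLASS value for ThreadHideFromDebugger (NtSetInformationThread)
THREAD_HIDE_FROM_DEBUGGER = 0x11


@dataclass
class ApiEvent:
    """One hooked API call as a sandbox might log it (assumed shape)."""
    api: str
    args: dict = field(default_factory=dict)

    def full_key(self) -> str:
        """Join root hive and subkey into one path for registry-style calls."""
        return f"{self.args.get('hkey', '')}\\{self.args.get('subkey', '')}"


# Wine populates HKCU\Software\Wine; opening it is a classic sandbox check.
WINE_KEY_RE = re.compile(r"\\Software\\Wine(\\|$)", re.IGNORECASE)
# Per-user and per-machine autostart keys (ATT&CK T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.IGNORECASE
)
REG_READ_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW", "NtOpenKey"}
REG_WRITE_APIS = {"RegSetValueExW", "RegSetValueExA", "NtSetValueKey"}


def detect_wine_check(trace):
    """Return the registry paths the sample opened that belong to Wine."""
    return [e.full_key() for e in trace
            if e.api in REG_READ_APIS and WINE_KEY_RE.search(e.full_key())]


def detect_run_key_persistence(trace):
    """Return (value_name, data) pairs written under a Run/RunOnce key."""
    return [(e.args.get("value_name"), e.args.get("data")) for e in trace
            if e.api in REG_WRITE_APIS and RUN_KEY_RE.search(e.full_key())]


def detect_hide_from_debugger(trace):
    """Count NtSetInformationThread calls that hide a thread from the debugger."""
    return sum(1 for e in trace
               if e.api == "NtSetInformationThread"
               and e.args.get("thread_information_class") == THREAD_HIDE_FROM_DEBUGGER)


def run_signatures(trace):
    """Evaluate all three checks and return only the signatures that fired."""
    hits = {}
    wine = detect_wine_check(trace)
    if wine:
        hits["Identifies Wine through registry keys"] = wine
    run = detect_run_key_persistence(trace)
    if run:
        hits["Adds Run key to start application"] = run
    hide = detect_hide_from_debugger(trace)
    if hide:
        hits["Suspicious use of NtSetInformationThreadHideFromDebugger"] = hide
    return hits


# Constructed trace for demonstration; not taken from the sandbox run above.
SAMPLE_TRACE = [
    ApiEvent("RegOpenKeyExW", {"hkey": "HKEY_CURRENT_USER", "subkey": r"Software\Wine"}),
    ApiEvent("RegOpenKeyExW", {"hkey": "HKEY_LOCAL_MACHINE",
                               "subkey": r"Software\Microsoft\Windows NT\CurrentVersion"}),
    ApiEvent("RegSetValueExW", {"hkey": "HKEY_CURRENT_USER",
                                "subkey": r"Software\Microsoft\Windows\CurrentVersion\Run",
                                "value_name": "Updater",
                                "data": r"C:\Users\Public\updater.exe"}),
    ApiEvent("RegSetValueExW", {"hkey": "HKEY_CURRENT_USER",
                                "subkey": r"Software\ExampleApp",
                                "value_name": "Lang", "data": "en"}),
    ApiEvent("NtSetInformationThread", {"thread_handle": "0xfffffffe",
                                        "thread_information_class": THREAD_HIDE_FROM_DEBUGGER,
                                        "buffer_length": 0}),
    ApiEvent("NtSetInformationThread", {"thread_handle": "0xfffffffe",
                                        "thread_information_class": 0x0,  # ThreadBasicInformation
                                        "buffer_length": 0x30}),
]

if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_TRACE).items():
        print(f"[+] {name}: {evidence}")
```

The benign events in the trace (a read of the Windows NT version key, a write to an application's own key, and a ThreadBasicInformation query) are there to show that the rules key on the specific path or information class rather than on the API name alone, which is what keeps false positives down on real traces.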

MITRE ATT&CK Enterprise v15

Tasks