General

  • Target

    661d6eb6ac7c569c21c765a6ea09fd0a_JaffaCakes118

  • Size

    643KB

  • Sample

    240723-eyhc1sxckh

  • MD5

    661d6eb6ac7c569c21c765a6ea09fd0a

  • SHA1

    3ba9f6031a19041bc499215a61ad82c34997ddcb

  • SHA256

    458a7240bace209c7a5490818bea5960d4efd006e03a441dc6ad5370a52aff1a

  • SHA512

    a293bdd7cef3b258bb011777531541d81e4d2e1a9f6018fa2e688b4d00fb0226b9b12b54d692d15733df2e036a331ddece79a47d7e5d622b0aede057afae8f9c

  • SSDEEP

    12288:xjkArEN249AyE/rbaMct4bO2/VGVw7E3kyaXl65zsWvVsMojKSHxgP7aOgCcDBDx:+FE//Tct4bOssROs5IW6MYKaxtLEG
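
A quick static first pass over a sample like this one, added here as an example and not tria.ge's own code: it recomputes the MD5/SHA1/SHA256 the report lists and applies two of the static signatures shown under Targets by hand, UPX packing (section names UPX0/UPX1/UPX2 or the "UPX!" header magic) and compiled AutoIt (the "AU3!EA06" marker that AutoIt's compiler writes in front of the embedded script). The parser reads only the DOS header, the COFF header and the section table; the two PE blobs it runs on are constructed inline so the script works offline.

```python
"""Static first-pass triage of a PE sample (added example, not tria.ge code)."""
import hashlib
import struct

UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"          # l_magic of the UPX packed-header structure
AUTOIT_MARKER = b"AU3!EA06"  # magic preceding a compiled AutoIt script blob


def section_names(data: bytes) -> list[str]:
    """Return PE section names in table order, or [] if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                         # IMAGE_SECTION_HEADER[]
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break                                        # truncated section table
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def triage(data: bytes) -> dict:
    """Hashes plus the UPX and AutoIt indicators for one sample."""
    names = section_names(data)
    upx_by_name = any(n.lstrip(".").upper() in UPX_SECTIONS for n in names)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sections": names,
        "upx_packed": upx_by_name or UPX_MAGIC in data,
        "autoit_compiled": AUTOIT_MARKER in data,
    }


def build_fake_pe(sections: list[bytes], overlay: bytes = b"") -> bytes:
    """Constructed test input: a header-only PE32 with the given section names."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 224                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(optional), 0x102)
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in sections)
    return dos + b"PE\0\0" + coff + optional + table + overlay


# Constructed samples: one mimicking a UPX-packed AutoIt build, one plain.
PACKED_SAMPLE = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"],
                              overlay=b"\0" * 16 + AUTOIT_MARKER + b"\0" * 16)
CLEAN_SAMPLE = build_fake_pe([b".text", b".rdata", b".data"])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, triage(blob))
```

Run it against a real file by replacing the constructed blobs with `open(path, "rb").read()`. The section-name test is the cheap check and is what a renamed "modified UPX" build defeats; the `UPX!` magic survives more often, and when both are missing, section entropy is the next thing to look at.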

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory
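
Detection logic for the registry-based behaviours in the list above, added here as an example and not tria.ge's own signature code: a small rule set run over a registry trace. The registry paths are the standard Windows locations for each behaviour (Run and Policies\Explorer\Run for persistence, Explorer\Advanced for hidden-file visibility, Control Panel\International\Geo\Nation for the country code, Policies\System\EnableLUA for UAC). The trace format (operation, a `|` separator, then key and value name) and the sample events are constructed for this example.

```python
"""Map a registry trace onto the report's behavioural signatures (added example)."""
import re

# (signature name, required operation, regex over "key\value")
RULES = [
    ("Adds Run key to start application", "RegSetValue",
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$"),
    ("Adds policy Run key to start application", "RegSetValue",
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$"),
    ("Modifies visibility of hidden/system files in Explorer", "RegSetValue",
     r"\\CurrentVersion\\Explorer\\Advanced\\(Hidden|ShowSuperHidden|HideFileExt)$"),
    ("Checks computer location settings", "RegQueryValue",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks whether UAC is enabled", "RegQueryValue",
     r"\\Policies\\System\\EnableLUA$"),
]
COMPILED = [(sig, op, re.compile(rx, re.IGNORECASE)) for sig, op, rx in RULES]


def classify(trace: list[str]) -> dict[str, list[str]]:
    """Return {signature: [matching paths]} for every rule that fired.

    A rule needs both the operation and the path to match, so a mere read of
    a Run key is not reported as persistence and a write to Geo\\Nation is
    not reported as a geofence lookup.
    """
    hits: dict[str, list[str]] = {}
    for line in trace:
        op, _, path = line.partition("|")
        for sig, want_op, rx in COMPILED:
            if op == want_op and rx.search(path):
                hits.setdefault(sig, []).append(path)
    return hits


# Constructed trace: the five behaviours plus two events that must not fire.
SAMPLE_TRACE = [
    r"RegQueryValue|HKCU\Control Panel\International\Geo\Nation",
    r"RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
    r"RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
    r"RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchelper",
    r"RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
    r"RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
    r"RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUList",
]

if __name__ == "__main__":
    for sig, paths in classify(SAMPLE_TRACE).items():
        print(f"{sig}: {paths}")
```

Two of these rules only fire on an API-level trace such as a sandbox produces: Sysmon's registry events (12, 13, 14) record key creation and value writes, not reads, so the Geo\Nation and EnableLUA lookups are invisible to a Sysmon-based hunt and would need a different source (for example a kernel registry callback or ETW). The remaining signatures on the list (dropped EXE/DLL execution, the System32 write, the external-IP web lookup) are file and network events and sit outside this registry-only rule set.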

MITRE ATT&CK Enterprise v15

Tasks