General

  • Target

    677db9afd4a7dab39e559cbfcb8de21d_JaffaCakes118

  • Size

    152KB

  • Sample

    240723-n3mmzavgjr

  • MD5

    677db9afd4a7dab39e559cbfcb8de21d

  • SHA1

    ddd9249eae614e40c351f953a59f73a3c9a066a9

  • SHA256

    c246562d445a87510ca922f72562f5643774f534d87150b5ea419f33e152fd10

  • SHA512

    2a64376f0f7dcc42620ff7a41c7000f7385c95818c0771ef056720c438ea9c318f2f572052c1d0024c4ae2d17c6169a9c94de82151513d57c92ecd8123d7f92e

  • SSDEEP

    3072:Rsre8BcmZEUfhWlzDVQxLAaC61PG1Ff/y+l44P:JyESwlDVeN1S44P

Malware Config

Extracted

  • Family: metasploit

  • Version: encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks