
General

  • Target

    6831878c5a4637cc745279b8add40009_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240723-s7alesxerk

  • MD5

    6831878c5a4637cc745279b8add40009

  • SHA1

    8af2ad2a12cf6ff6f37d38a9314405a1e24f7f06

  • SHA256

    b3548cc678a05767b7635cc5a51e2c1ed7e04dfe8ebbfb4287a24e53558b25da

  • SHA512

    ebbd1a55009fc5b4843b1d84e5ae5bf251f98c99ab4867c2ff3c2d5be06e92d33611f37c5d9631f190019763e2bb8de7f5d4664a3f6ee274c7fe7db31897f37f

  • SSDEEP

    24576:jDx9hh1wUhGfxaFNz2qt9DLbGUzAqZs7alfVGs1qBowdyUw90xRB64Lgx7NyS:x9hh1wUh1XtVLaUcq/8TBowdDDr

Malware Config

Targets

    • Target

      6831878c5a4637cc745279b8add40009_JaffaCakes118

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; malware probes for its registry keys (for example HKCU\Software\Wine) to detect an analysis environment.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
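
Each of the five signatures above corresponds to an observable host artifact: a registry key name, a registry value write, a device path, or a specific NtSetInformationThread information class. As an added example that is not part of the Triage report and not Triage's own detection logic, the Python below implements equivalent checks over a constructed list of API-hook events. The Windows identifiers the checks key on (the Software\Wine key, the CurrentVersion\Run key, the EnableLUA value under Policies\System, the \\.\PhysicalDrive0 device path, and ThreadHideFromDebugger = 0x11) are real; the event dictionary layout and the sample events themselves are assumptions made for the example.

```python
import re

# Constructed API-hook events for illustration. They are not taken from the
# Triage report, and this dict layout is an assumption, not Triage's format.
# Process 1234 plays the sample; process 5678 is a benign control.
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger

EVENTS = [
    # Key does not exist on real Windows, but the lookup attempt is the tell.
    {"pid": 1234, "api": "RegOpenKeyExW", "key": r"HKEY_CURRENT_USER\Software\Wine",
     "status": "not_found"},
    {"pid": 1234, "api": "RegQueryValueExW", "value": "EnableLUA",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"},
    {"pid": 1234, "api": "RegSetValueExW", "value": "svchost",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"pid": 1234, "api": "NtSetInformationThread", "handle": 0x1C8, "info_class": 0x11},
    {"pid": 1234, "api": "CreateFileW", "path": r"\\.\PhysicalDrive0",
     "access": "GENERIC_WRITE", "handle": 0x200},
    {"pid": 1234, "api": "WriteFile", "handle": 0x200, "offset": 0, "length": 512},
    # Control: a 512-byte write at offset 0 of an ordinary file is not an MBR write.
    {"pid": 5678, "api": "CreateFileW", "path": r"C:\Users\Admin\Desktop\notes.txt",
     "access": "GENERIC_WRITE", "handle": 0x210},
    {"pid": 5678, "api": "WriteFile", "handle": 0x210, "offset": 0, "length": 512},
]


def _key(e):
    return e.get("key", "").lower()


def sig_wine_registry(events):
    """Identifies Wine through registry keys: any registry API naming ...\\Software\\Wine."""
    return [e for e in events
            if e["api"].startswith("Reg")
            and re.search(r"\\software\\wine(\\|$)", _key(e))]


def sig_run_key(events):
    """Adds Run key to start application: a value written under CurrentVersion\\Run or RunOnce."""
    return [e for e in events
            if e["api"].startswith("RegSetValueEx")
            and _key(e).endswith(("\\currentversion\\run", "\\currentversion\\runonce"))]


def sig_uac_check(events):
    """Checks whether UAC is enabled: reads EnableLUA under Policies\\System."""
    return [e for e in events
            if e["api"].startswith("RegQueryValueEx")
            and _key(e).endswith("\\policies\\system")
            and e.get("value", "").lower() == "enablelua"]


def sig_mbr_write(events):
    """Writes to the MBR: WriteFile touching sector 0 on a handle opened to \\\\.\\PhysicalDrive<n>."""
    drive_handles = {}  # (pid, handle) -> device path, tracked so WriteFile can be attributed
    hits = []
    for e in events:
        if e["api"].startswith("CreateFile") and \
                e.get("path", "").lower().startswith("\\\\.\\physicaldrive"):
            drive_handles[(e["pid"], e["handle"])] = e["path"]
        elif e["api"] == "CloseHandle":
            drive_handles.pop((e["pid"], e["handle"]), None)
        elif e["api"] == "WriteFile" and (e["pid"], e["handle"]) in drive_handles:
            if e.get("offset", 0) < 512:  # the first 512-byte sector is the MBR
                hits.append(e)
    return hits


def sig_hide_from_debugger(events):
    """Suspicious use of NtSetInformationThread with ThreadHideFromDebugger (0x11)."""
    return [e for e in events
            if e["api"] == "NtSetInformationThread"
            and e.get("info_class") == THREAD_HIDE_FROM_DEBUGGER]


# Names mirror the signature titles in the report so output lines up with it.
SIGNATURES = {
    "Identifies Wine through registry keys": sig_wine_registry,
    "Adds Run key to start application": sig_run_key,
    "Checks whether UAC is enabled": sig_uac_check,
    "Writes to the Master Boot Record (MBR)": sig_mbr_write,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger,
}


def run_signatures(events):
    """Return {signature name: matching events} for every signature that fired."""
    results = {}
    for name, fn in SIGNATURES.items():
        hits = fn(events)
        if hits:
            results[name] = hits
    return results


if __name__ == "__main__":
    for name, hits in run_signatures(EVENTS).items():
        print(f"[+] {name} ({len(hits)} event(s))")
        for e in hits:
            print("    ", e)
```

The MBR check is stateful on purpose: a WriteFile record alone carries only a handle, so the open of \\.\PhysicalDrive0 has to be remembered per process and released on CloseHandle, otherwise a benign 512-byte write at offset 0 of a normal file (process 5678 above) would fire. The Wine check fires on the lookup attempt regardless of result, because on a real Windows host the key is absent and the attempt itself is the evasion tell.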

MITRE ATT&CK Enterprise v15

Tasks