General

  • Target

    69e86e1f2a15a6b4bfc1282dea672db4_JaffaCakes118

  • Size

    57KB

  • Sample

    240724-ct72rswcpa

  • MD5

    69e86e1f2a15a6b4bfc1282dea672db4

  • SHA1

    c99f345ca568ec9d42e31df5504143629422fe3d

  • SHA256

    85b77065f0b940480ac8ae4251d54984f0bd6bf3eceb00a0fd8b9899ecb960a6

  • SHA512

    cbf6bef454c1eefab085a800ebfc963ec018bc4e175cb2af3f525e61bfd2cdc391c0c3fb5d5b6bf4f60b4e95d7bfe1b498e5c8ed7855d6edfb4b665b14d95eed

  • SSDEEP

    768:TiMjpO09kyj3KQ8gvIjCGPWchf28iqv05XUs/5V2GI9c/Jyea+TSpJlI:TJpb9ZzKQpw+dus/LfN/ltSfq

Targets

    • Modifies firewall policy service

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
