General

  • Target

    6a25ac6cb56675a00eaef59fa44126ff_JaffaCakes118

  • Size

    256KB

  • Sample

    240724-ee8qvsxajp

  • MD5

    6a25ac6cb56675a00eaef59fa44126ff

  • SHA1

    33ce275fefa3cf530ebd19ad45eb63955b7739a9

  • SHA256

    b41a84f48eca6b5925c74d04f2e112858d01eacd4b1e7fe4c66c31b94463e717

  • SHA512

    3d6c95521d9ee2a8fd9653be1a6bf2a91af466efb3dab4d98d114af0a36948d65401925291407315d05683794a09667cadacce55a1deaedefd0b8d6e01656094

  • SSDEEP

    6144:+7RPGkG+2O01WQY4MyTjGMT8N00lFKgOLpE4dFbbxGo:+7RekGLO0CyvGMT8N00GlDM

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

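The registry-based signatures above (location check, Explorer hidden-file settings, Run-key persistence, drive enumeration) can be reproduced from a raw registry trace. The script below is an added example and is not tria.ge's own detection logic; the trace lines are constructed, the Run-key target path C:\Users\Public\svchosts.exe is hypothetical, and the registry keys are the standard Windows locations each behaviour touches.

```python
"""Flag the registry-based behaviours listed above in a sandbox registry trace.

Added example; SAMPLE_TRACE is constructed and is not output from the report.
Trace format (one event per line): OP<TAB>KEY<TAB>VALUE_NAME<TAB>DATA
"""
import re
from collections import defaultdict

# Constructed trace. The keys are the standard Windows locations for each
# behaviour; the Run-key target path is hypothetical.
SAMPLE_TRACE = """\
QueryValue\tHKCU\\Control Panel\\International\\Geo\tNation\t244
SetValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\tHidden\t2
SetValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\tShowSuperHidden\t0
SetValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tUpdater\tC:\\Users\\Public\\svchosts.exe
QueryValue\tHKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum\t0\tIDE\\DiskVBOX_HARDDISK___
QueryValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\tDesktop\tC:\\Users\\user\\Desktop
"""

# (signature name, operation, key suffix regex, value-name regex or None)
SIGNATURES = [
    ("Modifies visibility of hidden/system files in Explorer", "SetValue",
     r"\\Explorer\\Advanced$", r"^(Hidden|ShowSuperHidden)$"),
    ("Checks computer location settings", "QueryValue",
     r"\\Control Panel\\International\\Geo$", r"^Nation$"),
    ("Adds Run key to start application", "SetValue",
     r"\\CurrentVersion\\(Run|RunOnce)$", None),
    ("Maps connected drives based on registry", "QueryValue",
     r"\\Services\\Disk\\Enum$", None),
]

# Vendor strings a sample typically looks for in Disk\Enum data to spot a VM.
VM_DISK_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL")


def parse_trace(text):
    """Split the tab-separated trace into event dicts; short lines are padded."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = (line.split("\t") + [""] * 4)[:4]
        events.append(dict(zip(("op", "key", "value", "data"), fields)))
    return events


def match_signatures(events):
    """Return {signature name: [matching events]} for the rules in SIGNATURES."""
    hits = defaultdict(list)
    for ev in events:
        for name, op, key_re, value_re in SIGNATURES:
            if ev["op"] != op:
                continue
            if not re.search(key_re, ev["key"], re.IGNORECASE):
                continue
            if value_re and not re.match(value_re, ev["value"], re.IGNORECASE):
                continue
            hits[name].append(ev)
    return dict(hits)


def vm_disk_evidence(events):
    """Disk\\Enum data naming a virtual-disk vendor: what the drive
    enumeration in the report is most likely checking for."""
    return [ev["data"] for ev in events
            if re.search(r"\\Services\\Disk\\Enum$", ev["key"], re.IGNORECASE)
            and any(m in ev["data"].upper() for m in VM_DISK_MARKERS)]


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    for name, matched in match_signatures(evs).items():
        print(f"{name}: {len(matched)} event(s)")
    print("VM disk markers:", vm_disk_evidence(evs))
```

The rules key on the operation as well as the path: a read of the Run key is routine, a write to it is the persistence signal, and the Geo\Nation read only matters because nothing legitimate in a dropper needs it. The Shell Folders read in the constructed trace is there to show a benign event falling through every rule.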
MITRE ATT&CK Enterprise v15

Tasks