General

  • Target

    6ef50ed3896a94e948c0f54ebfafb097_JaffaCakes118

  • Size

    131KB

  • Sample

    240725-k48p2ssgre

  • MD5

    6ef50ed3896a94e948c0f54ebfafb097

  • SHA1

    9f2e965528efb8b5647c3c9f5cd0d2ea4b59f87e

  • SHA256

    03ab9ed160437fb70245ff625e47325695395e23a6726e80b81d1025e3cd327d

  • SHA512

    fbdc883287037d08b072f21ff7d33deabbbcbe1adeaa9a77c5a172338ba70f38ff6d9ba6564e27f8c7ddc423e15d016f60c93870d74242ea7772468ce85f4b56

  • SSDEEP

    3072:byvykMmWULgCdTZQpoGww24PRkoHGDBTDVbnD:bXkMULgCdTqpoGTjRk7D

Malware Config

Targets

    • UAC bypass

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks