General

  • Target: 6f867033d12343caae169816571bbc96_JaffaCakes118
  • Size: 245KB
  • Sample: 240725-pdz3faxhkq
  • MD5: 6f867033d12343caae169816571bbc96
  • SHA1: ea22775d7ea1095c5ba14c6cbc581277162a8f95
  • SHA256: 78efc6a4a94478a2442226fdb33bac4a551f5a4da513ebd503a84a24e67c2912
  • SHA512: 677ee09abaa42a444ccdd5e7ef04175e8a1743ff5a8a7b0667b21ea4d2667f3ecf938b9495247d1c05be64a99056409791b548545e3ca259aa86565ff20f543f
  • SSDEEP: 6144:SIEMxnh451gpkh15KYL27xs0AJvwRQwsWrn:WzTQW5fL27xs0Ovw

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
