General

  • Target

    7621cafe46475b60056b307079a25ba5_JaffaCakes118

  • Size

    50KB

  • Sample

    240726-2593yatfph

  • MD5

    7621cafe46475b60056b307079a25ba5

  • SHA1

    a0f9aca4901b8dbadaeaab660415d7ff57543f44

  • SHA256

    c25bb4b87035025c73c699bcd9edc7cdb3b904042f32f6d56b822103d9f895a2

  • SHA512

    21453045aa51c119ef0359c5617c53761ddf96bacca92d0dcb2729e4c766481f7f4b9c7f1f045649feced3024a1c69763e5cd43c046a0bf7e3639843ac030bd1

  • SSDEEP

    768:bIqTD/H6QTrauqbEzJr9W3UiBCgFWe+ekWh5nZ2saRCuQMhjA:btiCWuqbEzVoEifUWh5Db

Targets

    • Target

      7621cafe46475b60056b307079a25ba5_JaffaCakes118

    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (values such as Userinit or Shell) so that the payload is started by winlogon.exe at every logon.

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. Every DLL named in the AppInit_DLLs registry value is loaded into each process that loads user32.dll, as long as LoadAppInit_DLLs is enabled.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for a geofence check that decides whether the payload runs.

    • Loads dropped DLL

    • Drops file in System32 directory

      Writing to System32 requires administrative rights, so the sample either ran elevated or elevated itself.
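The following live-response script is an added example and is not part of the Triage report or the sample; it checks a Windows host for the four indicator classes listed above (Winlogon persistence, AppInit_DLLs, the geo-location lookup, and fresh DLLs in System32). The stock Winlogon defaults, the HKCU\Control Panel\International\Geo\Nation value as the location the sample reads, and the one-day window for "recently dropped" are assumptions, not facts from the report.

```powershell
# Added example, not part of the Triage report or the sample.
# Assumptions (not from the report): stock Winlogon defaults (Userinit =
# "<SystemRoot>\system32\userinit.exe," and Shell = "explorer.exe"), that the
# location lookup reads HKCU\Control Panel\International\Geo\Nation, and that
# a DLL written to System32 within the last day is a candidate dropped file.

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [string]$Expected, [string]$Actual) {
    $findings.Add([pscustomobject]@{ Check = $Check; Expected = $Expected; Actual = $Actual })
}

# 1. Winlogon persistence: Userinit and Shell are executed by winlogon.exe at every logon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $winlogon
$defaults = @{
    Userinit = "$env:SystemRoot\system32\userinit.exe,"   # the trailing comma is part of the stock value
    Shell    = 'explorer.exe'
}
foreach ($name in $defaults.Keys) {
    if ($wl.$name -ne $defaults[$name]) {
        Add-Finding "Winlogon\$name" $defaults[$name] $wl.$name
    }
}
# Winlogon\Notify packages are not used on Vista and later; any subkey present is suspect.
$notify = Join-Path $winlogon 'Notify'
if (Test-Path $notify) {
    Get-ChildItem -Path $notify | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath).DllName
        Add-Finding "Winlogon\Notify\$($_.PSChildName)" '<no key>' "$dll"
    }
}

# 2. AppInit_DLLs: each listed DLL is loaded into every process that loads user32.dll
#    while LoadAppInit_DLLs is 1. Check the native and the WOW64 view of the key.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $w = Get-ItemProperty -Path $key
    if (-not [string]::IsNullOrWhiteSpace($w.AppInit_DLLs)) {
        $state = "LoadAppInit_DLLs=$($w.LoadAppInit_DLLs); RequireSignedAppInit_DLLs=$($w.RequireSignedAppInit_DLLs)"
        Add-Finding "$key\AppInit_DLLs" '<empty>' "$($w.AppInit_DLLs) [$state]"
    }
}

# 3. Geofence input: the GeoID the sample is assumed to read before deciding to run.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
Write-Host "Configured GeoID (HKCU\Control Panel\International\Geo\Nation): $($geo.Nation)"

# 4. DLLs written to System32 in the last day that do not carry a valid Authenticode
#    signature. Catalog-signed Windows files may report NotSigned on older hosts, so
#    treat hits as leads to verify against a known-good image, not as verdicts.
$cutoff = (Get-Date).AddDays(-1)
Get-ChildItem -Path "$env:SystemRoot\System32" -Filter *.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            Add-Finding "System32\$($_.Name)" 'validly signed, not recently written' "$($sig.Status), written $($_.LastWriteTime)"
        }
    }

if ($findings.Count -eq 0) { Write-Host 'No deviations from the assumed defaults found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell so the HKLM keys and System32 are readable without access errors; the script only reads, it changes nothing. Any Winlogon value that differs from the assumed default, any non-empty AppInit_DLLs entry, or any unsigned DLL written to System32 in the window is printed as a finding for the analyst to compare against the sample's own indicators above.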
