General

  • Target: 76431871bbbcbf9c2b5f319a0d206e5a_JaffaCakes118
  • Size: 870KB
  • Sample: 240726-3wgkpssfqr
  • MD5: 76431871bbbcbf9c2b5f319a0d206e5a
  • SHA1: d044404ffa4ae7c52b4b22d9a71e8dd065ed3fd3
  • SHA256: f5613c6137484b90027d1a9384a4a8065dd465129a17ce79f4bec5bd53ff1284
  • SHA512: 7a9114057941d9d84443661caee365b13e3bb1dd34098cf9ed0d7d145b2c1eda472413541f01441d67379306f454ed907d089bedce6a6450837c975d508448f6
  • SSDEEP: 12288:HYmiHHdBLtjUjweAxP54f+4r0RUKzKQfiINLAemYyBs02fUYQ2Vm88W7IOcCfQd2:HK5BUuP5A+447fdNESAs0Gn8WRfYd

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks