General

  • Target: 7235a6cb8daf05e126accb0bb71b1745_JaffaCakes118
  • Size: 33KB
  • Sample: 240726-cnw3bazenk
  • MD5: 7235a6cb8daf05e126accb0bb71b1745
  • SHA1: 79f3234feb1af48fcec3c01c25e6298a1e14483a
  • SHA256: 908095ef8efd3243e7233d7f33fe7b78f65a563ca43180a0826e8b6d4cc49ce6
  • SHA512: 6840fb7018bfb89af2c26e99c5f65ac3a09cb275b152b23850a8b09a40310d81e19532dadbd16bfb04632611ae64000fdfcd6a12e9bebdf3b4baa41ab0480e52
  • SSDEEP: 768:erPCBB3zaPmI9/oHW40OmV+rI1dQG4csxaKVTWbb:QPCBRaPt5oHWfq81dQG4jxaKVTk

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15