General

  • Target

    735f2f3c0d78551946debbaae311ac44_JaffaCakes118

  • Size

    2.5MB

  • Sample

    240726-ktw89sxgnq

  • MD5

    735f2f3c0d78551946debbaae311ac44

  • SHA1

    0fbac06cea353237b488decd7fb172d8a4fdd1e6

  • SHA256

    79525c2360d5eb5b817a6ae852ab1daeb3de171f1fb04c3f67cc62b0cf78765e

  • SHA512

    556f89b7a61acf5226e5cc5845d146aff96d9f9e8ac8c6c7d53846c29d0679f24c5c0d4cf2e5bab70c2de3eb7472e43eec14953140bd8787a3a3f49bb1a84995

  • SSDEEP

    49152:Mr1rcdfkbfLxGETDBIpnsZffVzTSXTkurhjDm8tcGU:UhuMjFVTK6SXTZtmmcGU

Malware Config

Targets

    • Target

      735f2f3c0d78551946debbaae311ac44_JaffaCakes118

    • Modifies WinLogon for persistence

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Modifies WinLogon

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks