General

  • Target

    0257a63158035ec4623f257cf62b0e6c_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240727-3cqz2athjl

  • MD5

    0257a63158035ec4623f257cf62b0e6c

  • SHA1

    c314c5c2482eed4ac47c7261508124766398f23a

  • SHA256

    6b5497980e74e4f91680ef25c24951b708ced3d7c3c6fa438a63aee3ec6ebdb1

  • SHA512

    bdd4f107fdff36b512318b0ba461c1f705a3661de60f3167207d3c6d33bf9d30454eae4c6ed01bfc3dce3227c3a1874cf3f2b821e6874d9fa840cbe07245dbd8

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXeuq2:NABL

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks