General

  • Target: 02b5448c5b94cdccba39e558edc244f4_JaffaCakes118
  • Size: 195KB
  • Sample: 240727-3qhwksyckf
  • MD5: 02b5448c5b94cdccba39e558edc244f4
  • SHA1: c2412eb9496638d156e434cc8fdf843ee52552de
  • SHA256: f46f7329bc4eed48113e539f94c5cbf4987a03ce775d70f61467a8c66dab5ad2
  • SHA512: 5910f40ae53b6a3030b7fb07cf48ecbf706e90f926d683afaa1cb3629ed1f8e9d2a233fc4514f4a21db5cefe868f8543d725a9371420a1dc8357e62f1ec8b130
  • SSDEEP: 3072:H5yAzyrQ/yjBWe6WYhoDnDkh91pkoDjE/u2nfkMlDCvSxQN:Z8WytWuYhoExpkok22nfVGDN

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system: tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks