General

  • Target

    772bc1a33bed6e7a8c3e2b0974ff550a_JaffaCakes118

  • Size

    476KB

  • Sample

    240727-gh4meszgkk

  • MD5

    772bc1a33bed6e7a8c3e2b0974ff550a

  • SHA1

    4196ddb42254e377e8066d33f6a60be92bc3bd81

  • SHA256

    efe438f027c6ff5a6b80a4642176141ddda0c2bdc081ed914999d878e084d066

  • SHA512

    e952ab3ef6da8c3703c7a888efe1c081ad85e5e083b3ba4293590e162a80b40976f6777087185107b49e9fc5b87186c59eff11bcb5840cbc8d0e198307c8a420

  • SSDEEP

    6144:ckMICtzWkvpia97cVsG9nJdxRh0R0VutL4O3igTVmTqL//VLJRLYOXTSbMyAG:ckmxnpia+1P0R0Vmv37T8TqRJB9XTSbB

Targets

    • Target

      772bc1a33bed6e7a8c3e2b0974ff550a_JaffaCakes118

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
