Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    00c159768dadac45afcc04f829277742_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240727-zlgwyaxgkk

  • MD5

    00c159768dadac45afcc04f829277742

  • SHA1

    87095e7e4bc26ebb7e1554f95b9eaf2ba6a97312

  • SHA256

    3f73abce01fd4996f17671c8c4427f281818f9e890fca214a09bfd0176545d79

  • SHA512

    c2c4a1931caf671e0182257729d9707cba8a9a9aee7f5c5ad17b443a60db090457b6f6d20f2340c88117717f5c652ff08bdce4c57050b28340d52ff095bdbbba

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pubHi:NAB5

Malware Config

Targets

    • Target

      00c159768dadac45afcc04f829277742_JaffaCakes118

    • Size

      1.8MB

    • MD5

      00c159768dadac45afcc04f829277742

    • SHA1

      87095e7e4bc26ebb7e1554f95b9eaf2ba6a97312

    • SHA256

      3f73abce01fd4996f17671c8c4427f281818f9e890fca214a09bfd0176545d79

    • SHA512

      c2c4a1931caf671e0182257729d9707cba8a9a9aee7f5c5ad17b443a60db090457b6f6d20f2340c88117717f5c652ff08bdce4c57050b28340d52ff095bdbbba

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pubHi:NAB5

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks