Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

87bc1902b8...18.exe

windows7-x64

10

87bc1902b8...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87bc1902b89ac09e8904fb77f997bf02_JaffaCakes118

  • Size

    473KB

  • Sample

    240810-1abffsyfkk

  • MD5

    87bc1902b89ac09e8904fb77f997bf02

  • SHA1

    7f193a3ca6f3e20e005d1890ccc30197ef5df1e0

  • SHA256

    6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f

  • SHA512

    8fa91c61513b80fcb67ecc1640359db4c481013346f7ced0d79afa08bbd5621282f57e29fd8014e7f2f651cda68705874a2e22e9340d77bf7c77b531cb86fb8e

  • SSDEEP

    6144:JnXOFxDkS6WtG6gGUgy9ZWHhnP9Ba5CfZomKKg7+uTAVg9EVJ0BVKvh82CYBuBNk:JRS6Wefq9Ba5oO7TUUk

Score
10/10
discoveryevasionexecutiontrojan

Malware Config

Targets

    • Target

      87bc1902b89ac09e8904fb77f997bf02_JaffaCakes118

    • Size

      473KB

    • MD5

      87bc1902b89ac09e8904fb77f997bf02

    • SHA1

      7f193a3ca6f3e20e005d1890ccc30197ef5df1e0

    • SHA256

      6c60b3c7f78328a56feda777b42491357ecc3c867c5decaee091df9e5238fb7f

    • SHA512

      8fa91c61513b80fcb67ecc1640359db4c481013346f7ced0d79afa08bbd5621282f57e29fd8014e7f2f651cda68705874a2e22e9340d77bf7c77b531cb86fb8e

    • SSDEEP

      6144:JnXOFxDkS6WtG6gGUgy9ZWHhnP9Ba5CfZomKKg7+uTAVg9EVJ0BVKvh82CYBuBNk:JRS6Wefq9Ba5oO7TUUk

    Score
    10/10
    discoveryevasionexecutiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Stops running service(s)

      evasionexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks