General

  • Target: 86cfa223f7f1b5976ddc5211edbaeda6_JaffaCakes118
  • Size: 5.8MB
  • Sample: 240810-t1d6ps1hna
  • MD5: 86cfa223f7f1b5976ddc5211edbaeda6
  • SHA1: 7d4bdc0bb18b42ca45ee86a1f68fc50dcd1886e6
  • SHA256: a30538fadd01aa54147f568d7a052f634474171a65e790141834d19ae9da0b57
  • SHA512: b36f0ffc328e4148007996d4d686a4b60b218240ce4a1f51e6eb95c15aaab07ae71a7b846ec486b32cc983c8413befa865bab7543086db81273289ed0bbef339
  • SSDEEP: 768:O0OTUQP3nNzcxYBSlWXYtmVY0sxYp3hXP:O0OAc3FcxBsdVdsyBhXP

  Note: an SSDEEP block size of 768 is what ssdeep picks for an input of roughly 25 to 50 KB, not 5.8MB, so the size and the fuzzy hash above appear to describe different objects (for example a submitted container versus the hashed file). Verify which object each value refers to before pivoting on either.

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

  The "Version" value is not a framework version; it is the name of the Metasploit encoder the payload was wrapped with (x86/call4_dword_xor, a fixed-key dword XOR with a "call $+4" decoder stub). The extractor reports the encoder it recognised in this field.
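The script below is an added example, not tria.ge or Metasploit Framework code. It locates the x86/call4_dword_xor decoder stub inside a byte buffer, reads the loop count and the XOR key out of the stub, and recovers the payload that follows it. The stub layout it matches is reconstructed here from the encoder's known instruction sequence (the `xor dword [esi+0x0e]` displacement only lands on the first encoded word with a 24-byte stub, which fixes the byte layout); treating the `sub ecx, -blocks` instruction as either the imm8 or the imm32 form is an assumption, because the framework may emit a different encoding when bad characters forbid those. The `encode` helper, `SAMPLE_PAYLOAD` and `SAMPLE_KEY` are constructed fixtures so that the example runs offline; a real msfvenom run picks a random key.

```python
"""Find and decode an x86/call4_dword_xor-encoded Metasploit payload.

Added example (not tria.ge or Metasploit Framework code). Decoder stub
layout as reconstructed here:

    31 c9                 xor  ecx, ecx
    83 e9 NN              sub  ecx, -blocks   (imm8; or 81 e9 + imm32)
    e8 ff ff ff ff        call $+4            (lands on its own last 0xff)
    c0                    ff c0 = inc eax     (shares a byte with the call)
    5e                    pop  esi            (esi -> stub offset 10)
    81 76 0e KK KK KK KK  xor  dword [esi+0x0e], key   (-> offset 24)
    83 ee fc              sub  esi, -4
    e2 f4                 loop                (back to the xor)

The key is the same for every block (no feedback), so decoding is a plain
dword-wise XOR over `blocks` 4-byte words that follow the 24-byte stub.
"""
import re
import struct

STUB_RE = re.compile(
    rb"\x31\xc9"
    rb"(?:\x83\xe9(?P<imm8>.)|\x81\xe9(?P<imm32>.{4}))"  # assumption: only these two SUB forms
    rb"\xe8\xff\xff\xff\xff\xc0\x5e"
    rb"\x81\x76\x0e(?P<key>.{4})"
    rb"\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)


def find_stub(buf: bytes):
    """Return (payload_offset, block_count, key_bytes), or None if no stub is present."""
    m = STUB_RE.search(buf)
    if m is None:
        return None
    if m.group("imm8") is not None:
        imm = struct.unpack("<b", m.group("imm8"))[0]
    else:
        imm = struct.unpack("<i", m.group("imm32"))[0]
    # `sub ecx, imm` with ecx == 0 leaves ecx == -imm, which is the loop count.
    blocks = (-imm) & 0xFFFFFFFF
    return m.end(), blocks, m.group("key")


def decode(buf: bytes) -> bytes:
    """Recover the payload from a buffer holding the stub followed by the encoded words."""
    hit = find_stub(buf)
    if hit is None:
        raise ValueError("no call4_dword_xor decoder stub found")
    start, blocks, key_bytes = hit
    enc = buf[start:start + 4 * blocks]
    if len(enc) != 4 * blocks:
        raise ValueError(f"stub expects {blocks} blocks but only {len(enc) // 4} are present")
    key = struct.unpack("<I", key_bytes)[0]
    return b"".join(
        struct.pack("<I", struct.unpack_from("<I", enc, 4 * i)[0] ^ key)
        for i in range(blocks)
    )


def encode(payload: bytes, key_bytes: bytes) -> bytes:
    """Constructed fixture: wrap `payload` the way the encoder does, to exercise decode()."""
    if len(payload) % 4:
        payload += b"\x90" * (4 - len(payload) % 4)  # NOP padding; a constructed choice
    blocks = len(payload) // 4
    imm = (-blocks) & 0xFFFFFFFF
    if blocks <= 128:
        sub = b"\x83\xe9" + struct.pack("<B", imm & 0xFF)  # sub ecx, imm8 (sign-extended)
    else:
        sub = b"\x81\xe9" + struct.pack("<I", imm)         # sub ecx, imm32
    stub = (b"\x31\xc9" + sub + b"\xe8\xff\xff\xff\xff\xc0\x5e"
            + b"\x81\x76\x0e" + key_bytes + b"\x83\xee\xfc\xe2\xf4")
    key = struct.unpack("<I", key_bytes)[0]
    enc = b"".join(
        struct.pack("<I", struct.unpack_from("<I", payload, 4 * i)[0] ^ key)
        for i in range(blocks)
    )
    return stub + enc


# Constructed stand-in for a payload: xor eax,eax / inc eax / ret, plus NOPs.
SAMPLE_PAYLOAD = b"\x31\xc0\x40\xc3" + b"\x90" * 4
SAMPLE_KEY = b"\xde\xad\xbe\xef"  # constructed; the real key is random per msfvenom run

if __name__ == "__main__":
    blob = b"\x00" * 7 + encode(SAMPLE_PAYLOAD, SAMPLE_KEY)  # the stub need not sit at offset 0
    off, n, key = find_stub(blob)
    print(f"stub ends at offset {off}, {n} blocks, key {key.hex()}")
    print(decode(blob).hex())
```

Run it against the raw bytes carved from the sample (the stub is usually at the start of the shellcode blob, but `find_stub` searches the whole buffer). A match gives the key and block count directly; `decode` raises if the buffer is shorter than the stub's loop count implies, which is the usual sign that the carve was truncated.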

Targets

    • Target: 86cfa223f7f1b5976ddc5211edbaeda6_JaffaCakes118 (5.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General)

Signatures

    • MetaSploit: a payload belonging to the Metasploit Framework was detected, likely generated with msfvenom or a similar tool.
    • Drops file in Drivers directory
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Impair Defenses: Safe Mode Boot (ATT&CK T1562.009)
    • Loads dropped DLL
    • Adds Run key to start application (ATT&CK T1547.001)
    • Indicator Removal: File Deletion (ATT&CK T1070.004): adversaries may delete files left behind by their intrusion activity.
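Most of the behaviours in the list above correspond to telemetry a host sensor records as registry, process and file events. The script below is an added example (not tria.ge code or output) that maps Sysmon-style event records to the signature names used in this report and to the ATT&CK sub-techniques they belong to: Run-key persistence (T1547.001), Safe Mode boot impairment through the SafeBoot service lists or a `bcdedit ... safeboot` command (T1562.009), a file written under the Drivers directory, and deletion of a dropped executable (T1070.004). The event records are constructed to look like Sysmon EventID 1, 11, 13 and 23 fields and are not from this sandbox run; which paths count and which extensions count as "dropped" are this example's assumptions. The registry country-code lookup is a read, which Sysmon does not log, so it is deliberately not covered.

```python
"""Map Sysmon-style host events to the behaviours flagged in this report.

Added example with constructed input; not tria.ge code or output. The paths
and heuristics below are this example's assumptions, chosen to match the
techniques named in the report's signature list.
"""
import re
from collections import defaultdict

# T1547.001: ...\CurrentVersion\Run and RunOnce, including the 32-bit view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# T1562.009: a service or driver listed under SafeBoot\Minimal or \Network is
# started in safe mode; ControlSet00N covers the non-symlinked control sets.
SAFEBOOT_KEY_RE = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot\\(?:Minimal|Network)\\",
    re.IGNORECASE,
)
# T1562.009 via the boot configuration store.
BCDEDIT_SAFEBOOT_RE = re.compile(r"\bbcdedit(?:\.exe)?\b.*\bsafeboot\b", re.IGNORECASE)
# "Drops file in Drivers directory": assumed to mean %SystemRoot%\System32\drivers.
DRIVERS_DIR_RE = re.compile(r"^[a-z]:\\Windows\\System32\\drivers\\", re.IGNORECASE)
# Heuristic: deleting a PE file is treated as "Indicator Removal: File Deletion".
DROPPED_PE_RE = re.compile(r"\.(?:exe|dll|sys)$", re.IGNORECASE)

ATTACK_ID = {
    "Adds Run key to start application": "T1547.001",
    "Impair Defenses: Safe Mode Boot": "T1562.009",
    "Indicator Removal: File Deletion": "T1070.004",
    "Drops file in Drivers directory": None,  # report signature; not mapped to an ID here
}


def classify(event: dict) -> set:
    """Return the set of report signature names a single event matches."""
    hits = set()
    eid = event.get("EventID")
    if eid == 13:  # RegistryEvent (Value Set)
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.add("Adds Run key to start application")
        if SAFEBOOT_KEY_RE.search(target):
            hits.add("Impair Defenses: Safe Mode Boot")
    elif eid == 1:  # Process Create
        if BCDEDIT_SAFEBOOT_RE.search(event.get("CommandLine", "")):
            hits.add("Impair Defenses: Safe Mode Boot")
    elif eid == 11:  # FileCreate
        if DRIVERS_DIR_RE.search(event.get("TargetFilename", "")):
            hits.add("Drops file in Drivers directory")
    elif eid in (23, 26):  # FileDelete / FileDeleteDetected
        if DROPPED_PE_RE.search(event.get("TargetFilename", "")):
            hits.add("Indicator Removal: File Deletion")
    return hits


def summarize(events) -> dict:
    """Return {signature_name: (attack_id_or_None, matching_event_count)} over a batch."""
    counts = defaultdict(int)
    for ev in events:
        for name in classify(ev):
            counts[name] += 1
    return {name: (ATTACK_ID.get(name), n) for name, n in counts.items()}


# Constructed Sysmon-style records (not from this sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\helper.sys"},
    {"EventID": 13, "Image": r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-100-200-300-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\Admin\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Users\Admin\AppData\Roaming\updater.exe",
     "TargetObject": r"HKLM\System\ControlSet001\Control\SafeBoot\Minimal\updater\(Default)",
     "Details": "Service"},
    {"EventID": 1, "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit  /set {default} safeboot minimal"},
    {"EventID": 23, "Image": r"C:\Users\Admin\AppData\Roaming\updater.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\dropper.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-100-200-300-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for name, (tech, n) in summarize(SAMPLE_EVENTS).items():
        print(f"{tech or '-':10} {n:2}  {name}")
```

The two Safe Mode boot paths are counted under one signature because either one alone is enough for the technique; when you adapt this to real Sysmon output, the same `TargetObject` and `CommandLine` fields are present, but tune `DROPPED_PE_RE` to your environment, since legitimate installers also delete their own executables.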

MITRE ATT&CK Enterprise v15