General

  • Target

    86b7f328217fe15567345321e31f7c5a_JaffaCakes118

  • Size

    140KB

  • Sample

    240810-tf9rwawgrj

  • MD5

    86b7f328217fe15567345321e31f7c5a

  • SHA1

    6f69c40d3918b2e5fc646953bd1e1322acd3f7ee

  • SHA256

    98e4678511d215a6243d6012d9f71ae78d5afcb0f5cc93cf4e3aa403ef716443

  • SHA512

    9986c5a9e88bef527a41a860a8763e71e4468ed9951a37557dee4172db95caec8a892439fb2110f54360ff3102b3b1645d75d7004c744376bc6612082f54b994

  • SSDEEP

    3072:xlJjsSFgXhVq+98ky3bgeMzDlGoTz/xDQJ0oN8:tjsSKXhVq+6k48eMzZXxDQJ0o

Targets

    • Target

      86b7f328217fe15567345321e31f7c5a_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Network Share Discovery

      Attempt to gather information on host network.

    • Suspicious use of SetThreadContext
