Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

86b7f32821...18.exe

windows7-x64

7

86b7f32821...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86b7f328217fe15567345321e31f7c5a_JaffaCakes118

  • Size

    140KB

  • Sample

    240810-tf9rwawgrj

  • MD5

    86b7f328217fe15567345321e31f7c5a

  • SHA1

    6f69c40d3918b2e5fc646953bd1e1322acd3f7ee

  • SHA256

    98e4678511d215a6243d6012d9f71ae78d5afcb0f5cc93cf4e3aa403ef716443

  • SHA512

    9986c5a9e88bef527a41a860a8763e71e4468ed9951a37557dee4172db95caec8a892439fb2110f54360ff3102b3b1645d75d7004c744376bc6612082f54b994

  • SSDEEP

    3072:xlJjsSFgXhVq+98ky3bgeMzDlGoTz/xDQJ0oN8:tjsSKXhVq+6k48eMzZXxDQJ0o

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      86b7f328217fe15567345321e31f7c5a_JaffaCakes118

    • Size

      140KB

    • MD5

      86b7f328217fe15567345321e31f7c5a

    • SHA1

      6f69c40d3918b2e5fc646953bd1e1322acd3f7ee

    • SHA256

      98e4678511d215a6243d6012d9f71ae78d5afcb0f5cc93cf4e3aa403ef716443

    • SHA512

      9986c5a9e88bef527a41a860a8763e71e4468ed9951a37557dee4172db95caec8a892439fb2110f54360ff3102b3b1645d75d7004c744376bc6612082f54b994

    • SSDEEP

      3072:xlJjsSFgXhVq+98ky3bgeMzDlGoTz/xDQJ0oN8:tjsSKXhVq+6k48eMzZXxDQJ0o

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks