General

  • Target

    86cd57473f366479770b7e98b5993e32_JaffaCakes118

  • Size

    112KB

  • Sample

    240810-typvesxfkp

  • MD5

    86cd57473f366479770b7e98b5993e32

  • SHA1

    0f1834869ff4b7c453871636a3068ce8f7ca7239

  • SHA256

    46c9ebf6367e5998f13ba3ac4259bc1e67371462ebfc2a2c858278cdb5cb608a

  • SHA512

    93408fb92019b8da7831cabc83537e703066d7319dac1a7d7f07a211a507c28ecfaaa36fe5d99457acf835ab03ea90280c756cca6c3a4c3801efccdce0f23c23

  • SSDEEP

    3072:xq6SMOZ7i/tEzZ7wbPi6MY21hTbrnNwIxsLzO:xIzZ7i/tENaPi6/mTPNwIxsLy

Targets

    • Target

      86cd57473f366479770b7e98b5993e32_JaffaCakes118

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
