Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8c7bc2b50d...18.exe

windows7-x64

7

8c7bc2b50d...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118

  • Size

    188KB

  • Sample

    240811-3v9j4azbqc

  • MD5

    8c7bc2b50d0f9b69607c61618b2b0a57

  • SHA1

    eda86f69a6942103c2f4fe37ef609cc279d01344

  • SHA256

    235b802abc965f5387b42260a19f2fec014b0941884965dbbcad5a29b583ab32

  • SHA512

    6b43a6eca7a51535af86d4bee643d23692721e0780239488633b3f4ac91c51166eb232a006fd696b6d7eb660392e71756065458d3b38a1355f6f7ec41106927e

  • SSDEEP

    3072:43hbNo9ARyLYO3m0BVnb/tAiwpDxxNDjSbDOckI+6Ja/I63TNbTZ/Atxt:klaVm0Hb/tAiuFxNvAn+D/I63Bq

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118

    • Size

      188KB

    • MD5

      8c7bc2b50d0f9b69607c61618b2b0a57

    • SHA1

      eda86f69a6942103c2f4fe37ef609cc279d01344

    • SHA256

      235b802abc965f5387b42260a19f2fec014b0941884965dbbcad5a29b583ab32

    • SHA512

      6b43a6eca7a51535af86d4bee643d23692721e0780239488633b3f4ac91c51166eb232a006fd696b6d7eb660392e71756065458d3b38a1355f6f7ec41106927e

    • SSDEEP

      3072:43hbNo9ARyLYO3m0BVnb/tAiwpDxxNDjSbDOckI+6Ja/I63TNbTZ/Atxt:klaVm0Hb/tAiuFxNvAn+D/I63Bq

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks