General

  • Target

    8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118

  • Size

    188KB

  • Sample

    240811-3v9j4azbqc

  • MD5

    8c7bc2b50d0f9b69607c61618b2b0a57

  • SHA1

    eda86f69a6942103c2f4fe37ef609cc279d01344

  • SHA256

    235b802abc965f5387b42260a19f2fec014b0941884965dbbcad5a29b583ab32

  • SHA512

    6b43a6eca7a51535af86d4bee643d23692721e0780239488633b3f4ac91c51166eb232a006fd696b6d7eb660392e71756065458d3b38a1355f6f7ec41106927e

  • SSDEEP

    3072:43hbNo9ARyLYO3m0BVnb/tAiwpDxxNDjSbDOckI+6Ja/I63TNbTZ/Atxt:klaVm0Hb/tAiuFxNvAn+D/I63Bq

Targets

    • Target

      8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
