Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    899f7a7e45a4da66ddd2be41d57ff085_JaffaCakes118

  • Size

    670KB

  • Sample

    240811-jzxasavhrc

  • MD5

    899f7a7e45a4da66ddd2be41d57ff085

  • SHA1

    4409693bbe1a94c939589d0086552f7327755994

  • SHA256

    9567fe10e815c505de5d83bc33b02e8f28d7379caa6e5599f7acd8444d897d52

  • SHA512

    e3583b5742d833f31fd16669b7788c0476662f70996e23386364dd1ad4b79aa0d96c60e59d179150954f331872148ad7e892b3073e51ec7e6730f7749e372e30

  • SSDEEP

    12288:jbg04agUYlothAbgr1sya/vdnx1MHQbRLSnvB:jbnGshAUr1EHRmQbRLSvB

Malware Config

Targets

    • Target

      899f7a7e45a4da66ddd2be41d57ff085_JaffaCakes118

    • Size

      670KB

    • MD5

      899f7a7e45a4da66ddd2be41d57ff085

    • SHA1

      4409693bbe1a94c939589d0086552f7327755994

    • SHA256

      9567fe10e815c505de5d83bc33b02e8f28d7379caa6e5599f7acd8444d897d52

    • SHA512

      e3583b5742d833f31fd16669b7788c0476662f70996e23386364dd1ad4b79aa0d96c60e59d179150954f331872148ad7e892b3073e51ec7e6730f7749e372e30

    • SSDEEP

      12288:jbg04agUYlothAbgr1sya/vdnx1MHQbRLSnvB:jbnGshAUr1EHRmQbRLSvB

    • Modifies firewall policy service

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks