General

  • Target

    8a1011b1536554be844258abcfbf35c2_JaffaCakes118

  • Size

    21.3MB

  • Sample

    240811-mthf8azgnc

  • MD5

    8a1011b1536554be844258abcfbf35c2

  • SHA1

    8434a6be612dee55d189ac41c0218b3fa4c86099

  • SHA256

    8f928095149d31bf6951099b6bf6cd3ac31b21ff50dcbe6aeccdfa5b29c6ab58

  • SHA512

    7c6e688fc2a18e028f7a5c420a7e2525f37a53f9cc7b65272a6c50a79adf8cf65e774a32f0907cbb8e9f3596bd78e1d4bb9bf3a06a34775410412b75ff0df6b8

  • SSDEEP

    393216:i+j2MW6g3UMSrLNDCy6lvjwTua86Cc5j4XC1ucZkjy8sfDo9Njit:6hvSfpCy6l76P4IlZT8s

Malware Config

Targets

    • Target

      8a1011b1536554be844258abcfbf35c2_JaffaCakes118

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Cryptocurrency Miner

      Makes a network request to a known mining pool URL.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks