General

  • Target

    8ba453f79ebd16a8905484681918c2f0_JaffaCakes118

  • Size

    413KB

  • Sample

    240811-xypffatejj

  • MD5

    8ba453f79ebd16a8905484681918c2f0

  • SHA1

    9de5f96e61156db2bf6c6379fafe70443a4dcc81

  • SHA256

    a584e4a5826b492a01e11f63f0f9b88bd0dad58c2e3d9070329996d6286b5309

  • SHA512

    1db779bd65bd73dd74e66d5bb618dddf36da4505f63a0d599972557ebe2393041941c764a47345824bcf962e22909a7a5f6d33310b203135441504f0ca1e5168

  • SSDEEP

    6144:Q7/7Wn2iBqScSkltGne4D64jdMcmR5HYfEsq4DKxZtmCmUbLZOTvoU:Q7TykFILjdbmR54csq4DK/tOTwU

Targets

    • Modifies WinLogon for persistence

    • Modifies security service

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
