General

  • Target

    8e5aacbc0e4ff084a0193ba315167f2b_JaffaCakes118

  • Size

    968KB

  • Sample

    240812-mcd3gawglp

  • MD5

    8e5aacbc0e4ff084a0193ba315167f2b

  • SHA1

    aa1a11ac84407bf6fb7523642943c717a612cc84

  • SHA256

    e1b78d2e1c52b5e26e9d8ce84cf2ee145c5f0b24e76e56c6862f129b3d4f59a9

  • SHA512

    dd7ddb79e36f4d60e40d4fb4d657dea2ae37240e790e34e815a069b4b28302a5c9bdcb6354298d3826092a98bc4c20edcace37eb6af100383d75f2335c0f8205

  • SSDEEP

    24576:V84Dk9sKBwlOSJxqGAuvB97L88Sio5FSVPEHN/rZQ:V8l9xeOS83SS1i

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
