General

  • Target

    8ee5151279f21a802c7c4a35c438559e_JaffaCakes118

  • Size

    264KB

  • Sample

    240812-qn7qpssgqp

  • MD5

    8ee5151279f21a802c7c4a35c438559e

  • SHA1

    968c2a3637bab54cb8eaf3e5552e42f612ef5786

  • SHA256

    c4539628a4b771a1b1276de073b43d9ebf669154c7c89fdb5cc63ec6e3230047

  • SHA512

    35688680ec958269b9e764fbec21115b1533d3a99b2fc56f61da4cd132d9e5b63db9c121444d5b79e35b6973980e5809a49e451b73e18f2f2467668af25f91a0

  • SSDEEP

    6144:3/nyiyjGgZdQL4MF7w8iigvookK2vhlwfk:vyzl24MRTgb2c8

Malware Config

Targets

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks