General

  • Target

    958696db34f63219fc9345a0f74f62ae_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240814-lh3scavdld

  • MD5

    958696db34f63219fc9345a0f74f62ae

  • SHA1

    d461e9d74a17327b5ece1f4a763ca144d59145e0

  • SHA256

    7252a6dccc6185eab3da2db31e7db995c5dd1fd1950720a57fec026f635b55bf

  • SHA512

    22c5179249e91522021bc908b7ccfb87ca1190c250020851e9ca5dfdc0f6e0a164a641de62f6bd59df869d9342c695f97fb9eb308740afee75d8ad4f1226da5e

  • SSDEEP

    24576:2gtzxyA65kT+o/NQzGFuzUWZMSWn/5TfdG4yVNEW8gsdorQwPPweMhRGh0xz/Caj:289f/9eNW/5Tfk4GHrbdkuaWA

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks