General

  • Target

    95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118

  • Size

    163KB

  • Sample

    240814-mv9bbsxgrc

  • MD5

    95c77ea0b777d9e2b82136ec0d24151d

  • SHA1

    92486be9ee3505c38330ebcb48ad9af6a6a3e703

  • SHA256

    fad076e6251a6cfac705b8ebb773fa9a975e950d02a463cc1aaf64563ec3af9e

  • SHA512

    36d73b54cd5cf6767142c158cdaf7c1bc2fcaa929227cdba2b9b91dbcd52297923e5a96b7db8f56cb58cbfbe6c8b7e061e3053aa692ba4560a96ee447c19fa45

  • SSDEEP

    3072:O244R/lE7liD1P8sFdXoh1U7Nm9fW1bwjAO7T4NehXn6vn+m5Av+3ywTZ7oWMy43:O2R/lE7aUsDoh+pk3jAO7QehXn6/+maD
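The digests above identify the sample; the "UPX packed file" signature listed under Targets below describes how it was packed. The following is an added example, not code from the report or from Hatching Triage, that checks a file on disk against the four published digests and then walks the PE headers to look for stock UPX section names. The fake-PE builder and its section lists are constructed test inputs, not the sample; the `UPX!` magic check is a heuristic that modified UPX builds may defeat.

```python
import hashlib
import struct
from typing import Dict, List

# Digests published in the report above for this sample (copied from the page).
EXPECTED_HASHES = {
    "md5": "95c77ea0b777d9e2b82136ec0d24151d",
    "sha1": "92486be9ee3505c38330ebcb48ad9af6a6a3e703",
    "sha256": "fad076e6251a6cfac705b8ebb773fa9a975e950d02a463cc1aaf64563ec3af9e",
    "sha512": "36d73b54cd5cf6767142c158cdaf7c1bc2fcaa929227cdba2b9b91dbcd52297923e5a96b7db8f56cb58cbfbe6c8b7e061e3053aa692ba4560a96ee447c19fa45",
}

# Section names the stock UPX packer writes. Modified UPX builds often rename them,
# so a miss here does not prove the file is unpacked; see looks_upx_packed().
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!", ".UPX0", ".UPX1"}


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in EXPECTED_HASHES}


def verify_sample(data: bytes, expected: Dict[str, str] = EXPECTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm match of a file's digests against the published values."""
    actual = file_hashes(data)
    return {alg: actual[alg] == value.lower() for alg, value in expected.items()}


def pe_section_names(data: bytes) -> List[str]:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table; return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        raise ValueError("COFF header truncated")
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    # NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + 40 * i          # IMAGE_SECTION_HEADER is 40 bytes; the name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX heuristic: stock section names, or the 'UPX!' magic string the stub leaves in the file."""
    names = pe_section_names(data)
    return any(n in UPX_SECTION_NAMES for n in names) or b"UPX!" in data


def build_fake_pe(section_names: List[str], opt_header_size: int = 0) -> bytes:
    """Constructed minimal PE header for offline testing; not the sample and not loadable."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_header_size, 0x102)
    sections = b"".join(n.encode("latin-1").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_header_size + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print(verify_sample(blob))
    print("sections:", pe_section_names(blob), "upx:", looks_upx_packed(blob))
```

Run it against the downloaded sample; every entry in the verification dict should be True before any further analysis, and a mismatch means you are not looking at the file this report describes. Treat a False from `looks_upx_packed()` as "not stock UPX", not as "unpacked".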

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile, long-lived family that includes file-infecting viruses, worms, and Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

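The "Modifies WinLogon for persistence" signature refers to the Userinit and Shell values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, which Winlogon runs at logon; appending a dropped EXE to either value gives the malware execution at every logon. The following is an added example, not part of the report, that compares those values against stock defaults and flags extra programs. The default values are an assumption taken from a clean Windows image (check them against a known-good host of the same build), and the sample registry values are constructed for the demonstration; the `winreg` read only works on Windows.

```python
from typing import Dict, List

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Assumed clean-install defaults (lower-case, trailing comma and quotes removed).
# Userinit is "C:\Windows\system32\userinit.exe," and Shell is "explorer.exe" on a stock image.
EXPECTED = {
    "Userinit": [r"c:\windows\system32\userinit.exe"],
    "Shell": ["explorer.exe"],
}


def _entries(value: str) -> List[str]:
    """Winlogon values are comma-separated program lists; the trailing comma yields an empty entry."""
    return [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]


def winlogon_findings(values: Dict[str, str], system_root: str = r"C:\Windows") -> List[str]:
    """Return one finding per unexpected program in Userinit/Shell; an empty list means stock values."""
    findings = []
    sysdir = (system_root + r"\system32").lower()
    for name, expected in EXPECTED.items():
        raw = values.get(name)
        if raw is None:
            findings.append(f"{name}: value missing")
            continue
        for entry in _entries(raw):
            if entry in expected:
                continue
            if "\\" in entry and not entry.startswith(sysdir):
                # Full path outside System32 (Temp, AppData, ProgramData) is the classic dropped-EXE pattern.
                findings.append(f"{name}: extra program outside System32: {entry!r}")
            else:
                findings.append(f"{name}: unexpected program {entry!r}")
    return findings


def read_winlogon_values() -> Dict[str, str]:
    """Read the live values from the registry. Windows only; raises ImportError elsewhere."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        for name in EXPECTED:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return out


# Constructed sample values for offline testing, not taken from the report.
CLEAN = {"Userinit": r"C:\Windows\system32\userinit.exe,", "Shell": "explorer.exe"}
TAMPERED = {
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Local\Temp\svchost.exe,",
    "Shell": "explorer.exe",
}

if __name__ == "__main__":
    for label, values in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, winlogon_findings(values) or "no findings")
```

On a live host, `winlogon_findings(read_winlogon_values())` gives the same output; run it from a 64-bit interpreter so you read the 64-bit registry view that Winlogon itself uses. Any finding should be cross-checked against the sandbox's dropped-file list, since the appended path is normally the dropped EXE the other signatures refer to.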