General

  • Target

    a14124a3f85e4b827de7fc26f3f8a486_JaffaCakes118

  • Size

    236KB

  • Sample

    240817-ffn9aaxhnd

  • MD5

    a14124a3f85e4b827de7fc26f3f8a486

  • SHA1

    297681b8de6ba22ddadae836772f41126565dc77

  • SHA256

    1f3f62f463864cf4ed2d35f3d2b2d3ed1cf6a38c206bf19b5f3227496a4eb19f

  • SHA512

    c4eff1395ff4321a09791f8581f0e86f2d72ce968a3da779ab9ce94f70b2e0ab830d340a10993fa0d3e241326269f021f78223e8ce4e5cd81d88b735b7ebdebd

  • SSDEEP

    6144:hZiKocSHVJgztFoJqu4rspWcDXH4xU38PYuHSnzvQ/+:ijbHV2ZspbDXYxq8wuMzvV

Targets

    • Target

      a14124a3f85e4b827de7fc26f3f8a486_JaffaCakes118

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
