General

  • Target

    a4bdcefd97821332f39852f00b54a742_JaffaCakes118

  • Size

    436KB

  • Sample

    240818-a3d4yawdkb

  • MD5

    a4bdcefd97821332f39852f00b54a742

  • SHA1

    81018ef6ef0a11412b029524d865ae36ab6d3b91

  • SHA256

    d81b77c97e07449962abea2cf2b939fd58baf0428310be72d8e7654722b4dcc2

  • SHA512

    243e49ce01c56ee1a9eeb6824712044eb81f88a3dc199b408edb32b99534d5b45f29687586ac0ae2bec1acea9d0ac1fe2188d29227638f386e527cf49456fe73

  • SSDEEP

    6144:BpPDCOkXvBftF2WKcxQIop4T6jjtmUIM9n8xrF50uZPpvEoFuK/w:fCVZftAZcxtT62bbDvEU

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks