General

  • Target

    a5712f8112f633c57a233814bb3923f9_JaffaCakes118

  • Size

    171KB

  • Sample

    240818-fee9zsygjl

  • MD5

    a5712f8112f633c57a233814bb3923f9

  • SHA1

    275494bcf3cde45f981c9d93c373f7642811b260

  • SHA256

    192a9a72f08373b3f16996fe7bbcddb9f7ef0a04cdb846220812a36e5bfd906b

  • SHA512

    30186c153c1eb38994544a7bd4b1d4d28d93579a1783303f38888d54cdd79d0dd2992b44ec3b01c57765b260b92fce963d03333be0770d6c027b61341e373832

  • SSDEEP

    3072:9bCX8UaFPmgRMNlPTGQQm6ytwZEsrYkK4d9hFap/QroKP:i898gWNlPTGQQm6agrd7HW4UK

Targets

    • Target

      a5712f8112f633c57a233814bb3923f9_JaffaCakes118

    • Modifies WinLogon for persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
