General

  • Target: a78e3e5ddb17eaef1a376a005c16ce90_JaffaCakes118
  • Size: 164KB
  • Sample: 240818-vzydmavema
  • MD5: a78e3e5ddb17eaef1a376a005c16ce90
  • SHA1: b6fdc1e495f7de096ae3e638ccd76e4110fe1094
  • SHA256: ff9047d6b337e222f83b16b78674b5f55ec9a592a6dd379feb36168a9c3f57a0
  • SHA512: 54404fb4f10340b08b087bc7d3a78985116f2b5db5b77f5ef080a5361b6c758b14dbc34e0a03613f4bfe04d54012119ecc918804d3499d34d0e71b8ffa7f2d58
  • SSDEEP: 3072:W8lI9JuB/RVgU974KlGro2UWQRtgxC6c3ovNRdNUirqSmF7Nv5D:WJmVJ974KlGM/g46cYVWimF7hV

Malware Config

Targets

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks