General

  • Target

    aa50667eeaefaf054764328c647566be_JaffaCakes118

  • Size

    36KB

  • Sample

    240819-kh77dstgle

  • MD5

    aa50667eeaefaf054764328c647566be

  • SHA1

    51e947b894abf53747b3fb0c6963d7cec42a709d

  • SHA256

    53668be2a5f0fb66247b301dea0a15075dae52f5082c430cf235e8961240f829

  • SHA512

    279430c1f38ef96bfb8b0076f465680660f456f0e4fcd5834452ab8b54adce5246a4afc7d8b8985eb206d9c9cf8c987bc814d002f725690a43763b95b41870a5

  • SSDEEP

    768:/jgiGxy+iC146BDRK97J3+ZFWo2iU+DaLW:7My+hQYFWuaLW

Targets

    • Target

      aa50667eeaefaf054764328c647566be_JaffaCakes118

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
