General

  • Target

    aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240819-pd81cawhmr

  • MD5

    aafa209f2e54ede4c6b13969d852cf98

  • SHA1

    9f001870f43fe2f107c11212b4d1b916d50cdd4b

  • SHA256

    630afea181b3cee4e3ad4ddc6f3e3d9bad277dadf75002a020529e553d45488a

  • SHA512

    b98908af30841d2b054b23a38fc8b646a8784c1d88df37722d730dafd687346b04eb4b4ae4f01320e15b554c3855a315adad04c25451316858c40fc0c4c34287

  • SSDEEP

    24576:vK9mfgoKvASnt3LBDal8Xw00Rt8YpMgYtC:w2Intt+OEdMg

Malware Config

Targets

    • Target

      aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check before the sample continues.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
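
The five behaviour signatures above are names the sandbox attaches to patterns in the sample's API-call trace. The following is an added example, not tria.ge's detection code, that replays those patterns against a constructed trace so the conditions behind each name are explicit: a registry read of a locale key, a file written and then executed or loaded, a value set under a Run key, and the CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext sequence that marks process hollowing. The event format, the API names, the `TRACE` contents and the registry paths in `LOCALE_KEYS` are assumptions for illustration; nothing here is taken from the real sample.

```python
"""Replay tria.ge-style behaviour signatures over a constructed API-call trace.

Added example; not tria.ge's own logic. Event layout, API names and registry
paths are assumptions chosen to illustrate the signatures in the report.
"""
import re
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by hollowing loaders

# Registry locations a locale/geofence check typically reads (assumed list).
LOCALE_KEYS = (
    r"HKCU\Control Panel\International",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls",
)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)


@dataclass
class Event:
    pid: int
    api: str
    args: dict


# Constructed trace (not from the real sample). PID 1000 is the sample: it
# queries the country, drops an EXE and a DLL, runs/loads them, persists via
# a Run key; the dropped EXE (PID 2000) then hollows a suspended svchost.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
TRACE = [
    Event(1000, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International", "value": "sCountry"}),
    Event(1000, "NtWriteFile", {"path": TMP + r"\svc.exe"}),
    Event(1000, "NtWriteFile", {"path": TMP + r"\helper.dll"}),
    Event(1000, "CreateProcessW", {"image": TMP + r"\svc.exe", "flags": 0, "child_pid": 2000}),
    Event(1000, "LoadLibraryW", {"path": TMP + r"\helper.dll"}),
    Event(1000, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                   "value": "svc", "data": TMP + r"\svc.exe"}),
    Event(2000, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe",
                                   "flags": CREATE_SUSPENDED, "child_pid": 2100}),
    Event(2000, "WriteProcessMemory", {"target_pid": 2100}),
    Event(2000, "SetThreadContext", {"target_pid": 2100}),
    Event(2000, "ResumeThread", {"target_pid": 2100}),
]


def run_signatures(trace):
    """Return the set of signature names that fire for the given trace."""
    hits = set()
    dropped = set()      # file paths written by any traced process
    suspended = set()    # child PIDs created with CREATE_SUSPENDED
    written_to = set()   # PIDs that received a WriteProcessMemory
    locale_prefixes = tuple(k.lower() for k in LOCALE_KEYS)

    for ev in trace:
        a = ev.args
        if ev.api == "NtWriteFile":
            dropped.add(a["path"].lower())
        elif ev.api == "RegQueryValueExW" and a["key"].lower().startswith(locale_prefixes):
            hits.add("Checks computer location settings")
        elif ev.api == "CreateProcessW":
            if a["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(a["child_pid"])
        elif ev.api == "LoadLibraryW" and a["path"].lower() in dropped:
            hits.add("Loads dropped DLL")
        elif ev.api == "RegSetValueExW" and RUN_KEY_RE.search(a["key"]):
            hits.add("Adds Run key to start application")
        elif ev.api == "WriteProcessMemory":
            written_to.add(a["target_pid"])
        elif ev.api == "SetThreadContext":
            # Only flag the hollowing shape: suspended child that was also
            # written to. A plain SetThreadContext (debuggers do this) does not fire.
            t = a["target_pid"]
            if t in suspended and t in written_to:
                hits.add("Suspicious use of SetThreadContext")
    return hits


if __name__ == "__main__":
    for name in sorted(run_signatures(TRACE)):
        print("HIT:", name)
```

The SetThreadContext rule is deliberately stateful: it needs the target to have been created suspended and written to first, which is what distinguishes hollowing from a debugger or a legitimate loader touching a thread context. The same tracking would be needed to turn these names into host-side detections, where the equivalent evidence is a Sysmon process-create event with a temp-directory image, a registry-set event on a Run key, and a CreateRemoteThread or process-access event chain.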

MITRE ATT&CK Enterprise v15

Tasks