Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118
-
Size
436KB
-
Sample
240819-wm3m9asbpp
-
MD5
ac05f3e3c0774eac69ed06a6d2cbb543
-
SHA1
48f8b34ec60a0469c03f4ced8250720cde961383
-
SHA256
cb6ffd40086f791f484e4e35e2a3fbf0fdf112cd6f9f749478e831ac8e8e1106
-
SHA512
0c20771add113db39b4b753e7cfd6458cbf0dd7b81cfb0f73a9a0d471acd9dd6c76668c0b8a478c273798466869f8ca4ef0154e6f29f2df969540ee69f7682f3
-
SSDEEP
12288:6Kc3Y0IDPO3RZIqOVCUlcOQ+tuYw7dmvxdtLMkOa:zcI0I2ZIqzcu+vw7QxLv
Static task
static1
Behavioral task
behavioral1
Sample
ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118.dll
Resource
win7-20240729-en
Malware Config
Targets
-
-
Target
ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118
-
Size
436KB
-
MD5
ac05f3e3c0774eac69ed06a6d2cbb543
-
SHA1
48f8b34ec60a0469c03f4ced8250720cde961383
-
SHA256
cb6ffd40086f791f484e4e35e2a3fbf0fdf112cd6f9f749478e831ac8e8e1106
-
SHA512
0c20771add113db39b4b753e7cfd6458cbf0dd7b81cfb0f73a9a0d471acd9dd6c76668c0b8a478c273798466869f8ca4ef0154e6f29f2df969540ee69f7682f3
-
SSDEEP
12288:6Kc3Y0IDPO3RZIqOVCUlcOQ+tuYw7dmvxdtLMkOa:zcI0I2ZIqzcu+vw7QxLv
Score8/10-
Blocklisted process makes network request
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-