Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

ac05f3e3c0...18.dll

windows7-x64

8

ac05f3e3c0...18.dll

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118

  • Size

    436KB

  • Sample

    240819-wm3m9asbpp

  • MD5

    ac05f3e3c0774eac69ed06a6d2cbb543

  • SHA1

    48f8b34ec60a0469c03f4ced8250720cde961383

  • SHA256

    cb6ffd40086f791f484e4e35e2a3fbf0fdf112cd6f9f749478e831ac8e8e1106

  • SHA512

    0c20771add113db39b4b753e7cfd6458cbf0dd7b81cfb0f73a9a0d471acd9dd6c76668c0b8a478c273798466869f8ca4ef0154e6f29f2df969540ee69f7682f3

  • SSDEEP

    12288:6Kc3Y0IDPO3RZIqOVCUlcOQ+tuYw7dmvxdtLMkOa:zcI0I2ZIqzcu+vw7QxLv

Score
8/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      ac05f3e3c0774eac69ed06a6d2cbb543_JaffaCakes118

    • Size

      436KB

    • MD5

      ac05f3e3c0774eac69ed06a6d2cbb543

    • SHA1

      48f8b34ec60a0469c03f4ced8250720cde961383

    • SHA256

      cb6ffd40086f791f484e4e35e2a3fbf0fdf112cd6f9f749478e831ac8e8e1106

    • SHA512

      0c20771add113db39b4b753e7cfd6458cbf0dd7b81cfb0f73a9a0d471acd9dd6c76668c0b8a478c273798466869f8ca4ef0154e6f29f2df969540ee69f7682f3

    • SSDEEP

      12288:6Kc3Y0IDPO3RZIqOVCUlcOQ+tuYw7dmvxdtLMkOa:zcI0I2ZIqzcu+vw7QxLv

    Score
    8/10
    discoveryevasionpersistence

    • Blocklisted process makes network request

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks