General

  • Target

    ac667dda38fcc71bda24847c0ef0394a_JaffaCakes118

  • Size

    40KB

  • Sample

    240819-ywlr7stcla

  • MD5

    ac667dda38fcc71bda24847c0ef0394a

  • SHA1

    647903abf7a9beeadab37d5e929944fd667252c2

  • SHA256

    d4092117e14c578ddd165f30eabcee6a7c1dccb5535a0ba4b342a0c00f9880d8

  • SHA512

    76b1af65e895089f67b3cd50f63861812c1ec3e9d124934059b66bfb3d6ce1a23ff48a8e190864fec8e0a190fa7d37ecdb6b6438695701d79382fad1889af9b3

  • SSDEEP

    768:Gy77RVRLRniwxqsQoMWtBj88s2fJQBaoPPorKgpSgO:GyJVR9iwxqsQ0tBA2feHHorvSg

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory
