General

  • Target

    ac95186825b222457c085d32ca4cb4a0_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240819-zyhzrszdkn

  • MD5

    ac95186825b222457c085d32ca4cb4a0

  • SHA1

    9f2ea2094d5c42102db88e78ec7a6521684e99ff

  • SHA256

    56302b13ba25b27b2cc4e7f51ee00db478f814898a19355e1b79976e1387f322

  • SHA512

    2e6852d766f3ca0541d79f237a6846ebdaa1b6d04674031dadc76746ddc66bd57e378faf047bbb95644e05f4b53512d85f89661181b72e8fb4fbbcf651545095

  • SSDEEP

    49152:PaWDnkvA3cNuZtt1p7oeYlrEKgI8OkU/WXnyhJ1KXZ3pN+xM9FjDn4y+Cyz0:bXIujZLYOKw/3aJEpZ8xAZcCyz0

Malware Config

Targets

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks