General

  • Target

    aeca5eab2ab43e3904c8aaefc5f3bf51_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240820-l1r4kazcml

  • MD5

    aeca5eab2ab43e3904c8aaefc5f3bf51

  • SHA1

    f1a6e524d1a11dac6e45b9b22fd7c9b3c80a3184

  • SHA256

    4c90087f2a3773da6000a9110dd4485ce1d95ca86b64468b5fb6e938754ab0a6

  • SHA512

    0131665fd8c867afd76f5ecf2250718e7a9570caf812352048ed75370facb5d336931266d3c1aabe2ed004e6b2a5ca3f0c5acf67fa5bf9afc084297065e58089

  • SSDEEP

    98304:ErKBdVbVlCVF9RAgbcowBg8EmX5oxGOue+snXUzfViw:TBdVBlCVLRAgIoR8ES6ajsnEbViw

Malware Config

Targets

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks