General

  • Target

    aec20eb6ee835c12214379b779745fe1_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240820-ltnskayhrj

  • MD5

    aec20eb6ee835c12214379b779745fe1

  • SHA1

    5922c4043858675bc625f399b941de884279f87e

  • SHA256

    ec1d168c1e24d5a5c1884c06842aa521a5d5d3d09abc77f9523d4e16dd9c5b57

  • SHA512

    1154917904ed84d8fa3cb5e77d4a633520ce9383d05859fc46b644740e4eaa99ebf763ad856a8a972c9771d726fe871fe7681a68c1e20e729a9cc81c13129ccc

  • SSDEEP

    24576:R8xTAL596aUsyoB0v07HkKhB0uWzxWAsoPg5t8LnVfk4R8MTBBYBoiSUAh5lLhiz:SxTI+s73SrzH8MTBKSUBSVbXEL

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks