General

  • Target

    affad6a6c657608f7ac958e38bcecc02_JaffaCakes118

  • Size

    261KB

  • Sample

    240820-t2a6fascmf

  • MD5

    affad6a6c657608f7ac958e38bcecc02

  • SHA1

    2d078abf6c184ad210d4a65028c81169082764aa

  • SHA256

    af88f6d760aadb2386f20cc906940eadcd7f48df3ad444cd78e1ae6aa77ef1a5

  • SHA512

    9e21ca5b297cbbb324a472bc9f92d6165344261faafceb2e6bec573a045a03d8f8b44019ad328dc5cb031a762417aa716fdd644ad779d652eae236b1d6f428bd

  • SSDEEP

    3072:DkHJ32fINj+uSLiZWzANhiR3rpIdcEW6BExUm9EKUc/wdN6krLz1Xxek9Ao32niG:DPfWiFiZziR3r/EUU4EhzrLBXxzAo4p

Malware Config

Targets

    • Event Triggered Execution: AppCert DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppCert DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks