General

  • Target: b235bee6984b3b7f0a09136298f47906_JaffaCakes118

  • Size: 2.5MB

  • Sample: 240821-fvmn1avenr

  • MD5: b235bee6984b3b7f0a09136298f47906

  • SHA1: 4a1764431de85817bffd41211d85eb51868fc68a

  • SHA256: 5ea576f09b0659c490e899c6a6ccc75fc41667b577416dc3c5b09a091645ef81

  • SHA512: 2df9a89746bfaf4d8d06d634024e3313d0e753b08bd29129a6399fa193ced3869094621b419a07ce3617672ca5a6a30cf50082a73954a4622801ce5f287fb41c

  • SSDEEP: 49152:9UQcu/vMKA1e5m92Vz2e9ueEjXZIdXzfCeOLXWiFPHW9ih1:9US/EKA1e5+2V96XmdDILxP0ih1

Targets

    • Uses Session Manager for persistence
      Creates a Session Manager registry key to run the executable early in system boot.

    • Identifies Wine through registry keys
      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer
      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops file in System32 directory
