Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b32b87eb16adaa3eac40baeb8c9baaee_JaffaCakes118

  • Size

    110KB

  • Sample

    240821-mwgmpsxhmp

  • MD5

    b32b87eb16adaa3eac40baeb8c9baaee

  • SHA1

    c5dad615e845f0b354213bf0849156307e334786

  • SHA256

    80de6354a52de42c89a4422c04efb7c937d096f19cc3b5a002d01c2ff722a80b

  • SHA512

    58b72a053d55bd20ec097cbfe2ca3bce3adf8ec94fc395cacf5541b291920817517bfc7838a94dcf7a8302b1d40014a239b0dc0d0bea7b4e2842540a026065f7

  • SSDEEP

    3072:vyOh1oxaWgoFoA2PSTCfmEvqOIx4J2vNbGfvGnd3gW5ZM4/ud:vyOvozgqJ2PSwdvGNdndPZMT

Malware Config

Targets

    • Target

      b32b87eb16adaa3eac40baeb8c9baaee_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks