General

  • Target

    b59ca4732457793b33ccdeb9def9384d_JaffaCakes118

  • Size

    7.3MB

  • Sample

    240822-amka1sybme

  • MD5

    b59ca4732457793b33ccdeb9def9384d

  • SHA1

    040e46799a87935827347ab12587176c2328bff6

  • SHA256

    a938560a8049cc9d5cdf9b81d4aaec38a3f3440edb314be676932abafa2a980a

  • SHA512

    5858b5afa3b385d0449999e6743d523be0fa63f12649cd2fe17f6092076f72f55dff31be95d9b7aa02e1cd58d4a7c5530a6d1fb7d571b69e6d6168de2cf044e0

  • SSDEEP

    24576:zMMpXS0hN0V0HDIH53npi6IMMpXS0hN0V0HDIH53npi69:gwi0L0qK5XpiWwi0L0qK5Xpis
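Before spending time on a copy of this sample, confirm it is the same file the report describes. The following is an added example (not tria.ge code) that recomputes the four cryptographic digests listed above with the standard library and reports any that disagree with the report; the digests are copied from this page, the file path in the usage line is a placeholder. SSDEEP is not in hashlib and is left out here (the `ssdeep` Python binding, if installed, exposes `ssdeep.hash()` for it).

```python
import hashlib
import sys

# Digests exactly as listed in the report for this sample.
REPORT_HASHES = {
    "md5": "b59ca4732457793b33ccdeb9def9384d",
    "sha1": "040e46799a87935827347ab12587176c2328bff6",
    "sha256": "a938560a8049cc9d5cdf9b81d4aaec38a3f3440edb314be676932abafa2a980a",
    "sha512": "5858b5afa3b385d0449999e6743d523be0fa63f12649cd2fe17f6092076f72f5"
              "5dff31be95d9b7aa02e1cd58d4a7c5530a6d1fb7d571b69e6d6168de2cf044e0",
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in 1 MiB chunks so a 7.3 MB sample never needs to be
    loaded whole; all hashers consume the same pass over the file."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def check_against_report(computed: dict, report: dict = REPORT_HASHES) -> list:
    """Return the names of algorithms whose digest differs from the report.
    An empty list means the file is the one analysed in this report."""
    return sorted(
        algo for algo, digest in report.items()
        if computed.get(algo, "").lower() != digest.lower()
    )


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-downloaded-sample>  (path is a placeholder)
    mismatches = check_against_report(hash_file(sys.argv[1]))
    print("match" if not mismatches else f"MISMATCH on: {', '.join(mismatches)}")
```

A mismatch on every algorithm usually means a different file (a re-packed or re-submitted copy); a mismatch on MD5 or SHA1 alone would be remarkable and worth reporting, since it would imply a collision.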

Malware Config

Targets

    • Target

      b59ca4732457793b33ccdeb9def9384d_JaffaCakes118

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      Each renamed file kept its original name and gained a further extension. This pattern suggests ransomware activity: encrypting files across the system and marking each one with the added extension.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. Windows 7 and later ignore autorun.inf on non-optical removable media (and KB971029 backported that change to XP and Vista), so this spreads only to older or unpatched hosts, but an autorun.inf written to a drive root is still a strong indicator on its own.

    • Drops file in System32 directory
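The signatures above are conclusions drawn from a recorded event stream (registry writes, file renames, file creations). The following is an added example, not tria.ge's signature engine, that re-derives four of them from a constructed event list so the logic behind each name is explicit: a Winlogon Shell/Userinit value that departs from the stock Windows default, a burst of renames of the form old -> old + ".ext", an autorun.inf written to a drive root, and a file dropped under System32. The Winlogon key path and its default values are the real ones; the event format, the rename threshold, and every file path and executable name in the sample data are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass
import ntpath

# Stock values for the two Winlogon entries most often hijacked for persistence.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
# Assumed threshold: the report does not state the count tria.ge alerts on.
RENAME_THRESHOLD = 20


@dataclass
class Event:
    kind: str          # "reg_set", "file_rename" or "file_create"  (assumed format)
    path: str          # registry value path, or source file path
    value: str = ""    # new registry data, or destination path for a rename


def winlogon_modified(events):
    """Registry writes that change Winlogon Shell/Userinit away from the defaults."""
    hits = []
    for ev in events:
        if ev.kind != "reg_set":
            continue
        key, _, name = ev.path.rpartition("\\")
        if key.lower() != WINLOGON_KEY.lower():
            continue
        expected = WINLOGON_DEFAULTS.get(name.lower())
        if expected is not None and ev.value.strip().lower() != expected:
            hits.append((name, ev.value))
    return hits


def renames_with_added_extension(events):
    """Count renames where the new name is the old name plus '.ext'.
    Returns (count, most common appended extension or None)."""
    appended = Counter()
    for ev in events:
        if ev.kind != "file_rename":
            continue
        old, new = ev.path.lower(), ev.value.lower()
        if new.startswith(old) and new[len(old):len(old) + 1] == ".":
            appended[new[len(old):]] += 1
    count = sum(appended.values())
    return count, (appended.most_common(1)[0][0] if count else None)


def dropped_files(events):
    """Split file creations into autorun.inf drops and writes under System32."""
    autorun, system32 = [], []
    for ev in events:
        if ev.kind != "file_create":
            continue
        if ntpath.basename(ev.path).lower() == "autorun.inf":
            autorun.append(ev.path)
        if ev.path.lower().startswith("c:\\windows\\system32\\"):
            system32.append(ev.path)
    return autorun, system32


def evaluate(events):
    """Map an event stream onto the signature names used in the report."""
    findings = {}
    if hits := winlogon_modified(events):
        findings["Modifies WinLogon for persistence"] = hits
    count, ext = renames_with_added_extension(events)
    if count >= RENAME_THRESHOLD:
        findings[f"Renames multiple ({count}) files with added filename extension"] = ext
    autorun, system32 = dropped_files(events)
    if autorun:
        findings["Drops autorun.inf file"] = autorun
    if system32:
        findings["Drops file in System32 directory"] = system32
    return findings


def sample_events():
    """Constructed event stream mimicking this report; all paths are made up."""
    events = [
        Event("reg_set", WINLOGON_KEY + r"\Shell", r"explorer.exe,C:\Windows\System32\dropped.exe"),
        Event("file_create", r"D:\autorun.inf"),
        Event("file_create", r"C:\Windows\System32\dropped.exe"),
        Event("file_rename", r"C:\tmp\notes.txt", r"C:\tmp\notes-old.txt"),  # ordinary rename, not counted
    ]
    for i in range(91):
        src = rf"C:\Users\victim\Documents\report{i}.docx"
        events.append(Event("file_rename", src, src + ".locked"))
    return events


if __name__ == "__main__":
    for name, detail in evaluate(sample_events()).items():
        print(name, "->", detail)
```

Run over the constructed stream this reproduces the report's "(91)" count and names ".locked" as the appended extension; the threshold is what separates a ransomware-style burst from the handful of backup-style renames ordinary installers perform, so tune it to your own telemetry rather than taking the assumed value.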

MITRE ATT&CK Enterprise v15

Tasks