General

  • Target

    b5dfa1aa5e2bb9975b15dc708d8a3cc8_JaffaCakes118

  • Size

    232KB

  • Sample

    240822-b59jaswcjk

  • MD5

    b5dfa1aa5e2bb9975b15dc708d8a3cc8

  • SHA1

    134d996d5487975206d79ff8119695634951eae0

  • SHA256

    620a3102e9aa20e2e02059b1c84ca697371be83cb4f18f99a0dd5bc81a3b0c52

  • SHA512

    fa0ec1a021105b563e60ae1ab16a66a7fb248e44833c7d9c9a0cbf6013acd61d80fc2d452578543a784b7e39a77130562ab9dffa90dc3d7fc4b637e8d9cfec25

  • SSDEEP

    6144:4y13PFKs78vpRTlEqxF6snji81RUinKbLA:FPhp

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks