Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b687ab566d7d7b41a25d7b4d5396e573_JaffaCakes118

  • Size

    81KB

  • Sample

    240822-gbl4ss1crc

  • MD5

    b687ab566d7d7b41a25d7b4d5396e573

  • SHA1

    9b2e0c12ea7c13fc2daa99032208a4ae2e6525e4

  • SHA256

    f4c4915e8f93f4c55e33e5cdc43e7d057cbb1bec3467792fe0c7680a0670d038

  • SHA512

    edaedbc77ab7a3ba5d330d13637d00ce7294e70004a7b92071dbd4695e9d7a85685bc54302829be74e869d792c59880143c2040fe51aee293423d6c1161aca13

  • SSDEEP

    1536:7PU/+Y4JTZ8btj/UbN0AIaQyqnVu1A7W3f/NYr4XRJAv4hNzVWfGIG5lqgc:4iTZ8bRsbSASRnVuy7adfhVhNpWfG6g

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      b687ab566d7d7b41a25d7b4d5396e573_JaffaCakes118

    • Size

      81KB

    • MD5

      b687ab566d7d7b41a25d7b4d5396e573

    • SHA1

      9b2e0c12ea7c13fc2daa99032208a4ae2e6525e4

    • SHA256

      f4c4915e8f93f4c55e33e5cdc43e7d057cbb1bec3467792fe0c7680a0670d038

    • SHA512

      edaedbc77ab7a3ba5d330d13637d00ce7294e70004a7b92071dbd4695e9d7a85685bc54302829be74e869d792c59880143c2040fe51aee293423d6c1161aca13

    • SSDEEP

      1536:7PU/+Y4JTZ8btj/UbN0AIaQyqnVu1A7W3f/NYr4XRJAv4hNzVWfGIG5lqgc:4iTZ8bRsbSASRnVuy7adfhVhNpWfG6g

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks