General
Target: b687ab566d7d7b41a25d7b4d5396e573_JaffaCakes118
Size: 81KB
Sample: 240822-gbl4ss1crc
MD5: b687ab566d7d7b41a25d7b4d5396e573
SHA1: 9b2e0c12ea7c13fc2daa99032208a4ae2e6525e4
SHA256: f4c4915e8f93f4c55e33e5cdc43e7d057cbb1bec3467792fe0c7680a0670d038
SHA512: edaedbc77ab7a3ba5d330d13637d00ce7294e70004a7b92071dbd4695e9d7a85685bc54302829be74e869d792c59880143c2040fe51aee293423d6c1161aca13
SSDEEP: 1536:7PU/+Y4JTZ8btj/UbN0AIaQyqnVu1A7W3f/NYr4XRJAv4hNzVWfGIG5lqgc:4iTZ8bRsbSASRnVuy7adfhVhNpWfG6g
Static task: static1
Behavioral task: behavioral1
Sample: b687ab566d7d7b41a25d7b4d5396e573_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: b687ab566d7d7b41a25d7b4d5396e573_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Adds policy Run key to start application
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext