Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b6c6a8dd688ca661f596ef0a07f39aec_JaffaCakes118

  • Size

    420KB

  • Sample

    240822-hzdyrsvamh

  • MD5

    b6c6a8dd688ca661f596ef0a07f39aec

  • SHA1

    85cdafb5269f2e15eb4e5e84a58e9d81132e9122

  • SHA256

    b37af2dc4786f794a735dd406666749460be350850c67454e3d756468921810e

  • SHA512

    77f32bed45267bc9798f8c7ebbc294dd9f507b5d643d26969ee22ac390fc1ed27482194a05672c2eba00ae6fe99bfdc0f038c97df80b8352b06113ef27cd4886

  • SSDEEP

    6144:HwWwjqFk7qFoQudlhiP5+6yCtfGiIpZFGd:Hff2QudeYrfFo

Malware Config

Targets

    • Target

      b6c6a8dd688ca661f596ef0a07f39aec_JaffaCakes118

    • Size

      420KB

    • MD5

      b6c6a8dd688ca661f596ef0a07f39aec

    • SHA1

      85cdafb5269f2e15eb4e5e84a58e9d81132e9122

    • SHA256

      b37af2dc4786f794a735dd406666749460be350850c67454e3d756468921810e

    • SHA512

      77f32bed45267bc9798f8c7ebbc294dd9f507b5d643d26969ee22ac390fc1ed27482194a05672c2eba00ae6fe99bfdc0f038c97df80b8352b06113ef27cd4886

    • SSDEEP

      6144:HwWwjqFk7qFoQudlhiP5+6yCtfGiIpZFGd:Hff2QudeYrfFo

    • Modifies visiblity of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks