General

  • Target

    b86de8b3f46a2705c802e506f09e747c_JaffaCakes118

  • Size

    124KB

  • Sample

    240822-vm41mszhrq

  • MD5

    b86de8b3f46a2705c802e506f09e747c

  • SHA1

    86de20b5ae307d23cb4b62d9c04b9c9108366bab

  • SHA256

    997bee7508a2beeec3d7aaa6d16d7228cceb47cf0e5ab19901500b98510012bf

  • SHA512

    90526ebb4b4e4a14b7059967a5249e7c84fa60652dbb64b9a73f33d6eff5bc45a59c576948d2001e17fa5975c9de96a39d0fe3bf1ff512e29b6595176db97912

  • SSDEEP

    3072:cbdYxNRD40hHgzW1FMUMff6QNznK2Pg+QFg7S:IdV0XbMf/NznK2IH

Malware Config

Targets

    • Target

      b86de8b3f46a2705c802e506f09e747c_JaffaCakes118

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
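
The six labels above are the sandbox's behaviour signatures, not host detections. The following is an added example (not tria.ge code and not derived from this sample) showing how five of them map onto Sysmon-style host telemetry: FileCreate (event 11) under the Startup folder, RegistrySetValue (event 13) under a Run key or the FirewallPolicy key, ProcessCreate (event 1) of a path that was written earlier or of a netsh advfirewall/firewall command, and ImageLoad (event 7) of a previously written DLL. "Suspicious use of SetThreadContext" is an API-level observation (typical of process hollowing) and is not visible in this kind of telemetry, so it is deliberately not matched. The event dicts, paths, registry value and command line are all constructed for the example; the field names loosely follow Sysmon but are an assumption of this script, not a real log format.

```python
"""Map sandbox behaviour signatures onto Sysmon-like host events.

Hypothetical example: events are dicts mimicking a subset of Sysmon fields.
Every event below is constructed for illustration, not taken from this report.
"""
import re
from collections import defaultdict

# Constructed sample telemetry. Event IDs follow Sysmon numbering:
# 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistrySetValue.
EVENTS = [
    {"id": 1, "image": r"C:\Users\u\Desktop\sample.exe", "cmd": "sample.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 11, "image": r"C:\Users\u\Desktop\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\svc\host.exe"},
    {"id": 11, "image": r"C:\Users\u\Desktop\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\svc\helper.dll"},
    {"id": 11, "image": r"C:\Users\u\Desktop\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\host.lnk"},
    {"id": 13, "image": r"C:\Users\u\Desktop\sample.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "details": r"C:\Users\u\AppData\Roaming\svc\host.exe"},
    {"id": 1, "image": r"C:\Users\u\AppData\Roaming\svc\host.exe", "cmd": "host.exe",
     "parent": r"C:\Users\u\Desktop\sample.exe"},
    {"id": 7, "image": r"C:\Users\u\AppData\Roaming\svc\host.exe",
     "loaded": r"C:\Users\u\AppData\Roaming\svc\helper.dll"},
    {"id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "cmd": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
            'program="C:\\Users\\u\\AppData\\Roaming\\svc\\host.exe"',
     "parent": r"C:\Users\u\AppData\Roaming\svc\host.exe"},
]

# Patterns for the registry keys, folder and command line each signature keys on.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
FIREWALL_CMD = re.compile(r"netsh(\.exe)?\s+(advfirewall|firewall)\b", re.I)
FIREWALL_KEY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)


def match_signatures(events):
    """Return {signature_name: [evidence, ...]} for the events, in order seen.

    'Dropped' means a path that appeared as the target of a FileCreate earlier
    in the stream; a later ProcessCreate or ImageLoad of that path is what turns
    a plain file write into 'Executes dropped EXE' / 'Loads dropped DLL'.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written so far, in event order
    for ev in events:
        eid = ev["id"]
        if eid == 11:  # FileCreate
            dropped.add(ev["target"].lower())
            if STARTUP_DIR.search(ev["target"]):
                hits["Drops startup file"].append(ev["target"])
        elif eid == 13:  # RegistrySetValue
            if RUN_KEY.search(ev["target"]):
                hits["Adds Run key to start application"].append(
                    f'{ev["target"]} = {ev.get("details", "")}')
            if FIREWALL_KEY.search(ev["target"]):
                hits["Modifies Windows Firewall"].append(ev["target"])
        elif eid == 1:  # ProcessCreate
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"].append(ev["image"])
            if FIREWALL_CMD.search(ev["cmd"]):
                hits["Modifies Windows Firewall"].append(ev["cmd"])
        elif eid == 7:  # ImageLoad
            if ev["loaded"].lower() in dropped:
                hits["Loads dropped DLL"].append(f'{ev["image"]} -> {ev["loaded"]}')
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "dropped" correlation is order-sensitive: a ProcessCreate that precedes the FileCreate of the same path is not counted, so feed events in timestamp order. Matching on the firewall command line and on the FirewallPolicy registry key both raise the same signature, mirroring the two ways a sample can change firewall rules (spawning netsh, or writing the policy key directly).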

MITRE ATT&CK Enterprise v15

Tasks