General

  • Target

    ba652f3266a882ed48f80e320ac78bfd_JaffaCakes118

  • Size

    200KB

  • Sample

    240823-fas1aayamm

  • MD5

    ba652f3266a882ed48f80e320ac78bfd

  • SHA1

    97d7cc36c0bc78dd95363f691fd85fa44d5a5c7e

  • SHA256

    d5af8787376f7efc104d75f99099cda61ea639c5c757a2a4cf6b65efda83d193

  • SHA512

    38cf54a46ac276389b6e5dcbdbca5df33b34c287b92f0b6f8a115e6b1ec497a70cb7cfe45bc64a9993fa24a7512172ec442780df32b8eee6894c38e2e96e1c08

  • SSDEEP

    6144:vmZp9qpWymPBeaSAOJ+7xi5eRed63qaCR8nIBKf:ORGLmPBeaSAOJ+7xi5eRed63qaCO

Malware Config

Targets

    • Target

      ba652f3266a882ed48f80e320ac78bfd_JaffaCakes118

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks