General

  • Target: ba92222c0e5c25c531e322148d5ac011_JaffaCakes118
  • Size: 2.3MB
  • Sample: 240823-ge9dhazgpk
  • MD5: ba92222c0e5c25c531e322148d5ac011
  • SHA1: dd5b00d68c1fbc9fbf6acf42fb85210f9dc71c8c
  • SHA256: 1d1732c1f40085db43ea9b1e377ca70c2b2572938982234d9a6c3240b538fee4
  • SHA512: c7886c000f614dd2fef9b45556bfaeaa851762684f780729beb50628a3107f1c3d1d73b6275f7d3ba11c5990786229ff6afc811f2277fb8ecf27178fa7ccf91f
  • SSDEEP: 49152:F0Q5Ujw6tkkcq428htQPOL2XmGs3hfFeWmu3rWrHGn9LvH8nLwPlC/v3:BiE6OzqehtQ+ThdN7YHGn976wPl6v3

Targets

    • UAC bypass
    • Checks for common network interception software
      Looks in the registry for tools such as Wireshark or Fiddler that are commonly used to analyze network activity.
    • Enumerates VirtualBox registry keys
    • Blocks application from running via registry modification
      Adds an application to the list of disallowed applications.
    • Drops file in Drivers directory
    • Event Triggered Execution: Image File Execution Options Injection
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • UPX packed file
      Detects executables packed with the open-source UPX packer or a modified variant of it.
    • Unexpected DNS network traffic destination
      Network traffic on the DNS port to servers other than the configured DNS servers was detected.
    • Adds Run key to start application
    • Checks for any installed AV software in registry
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    • Checks whether UAC is enabled
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.
    • Suspicious use of SetThreadContext
