General

  • Target: bdc746e88d4aaa47d733f5860dc3b54a_JaffaCakes118

  • Size: 54KB

  • Sample: 240824-b851aazaqa

  • MD5: bdc746e88d4aaa47d733f5860dc3b54a

  • SHA1: a2ee14a805478d1bfdd4ebddeead644b7bdafe9d

  • SHA256: c283810c6aa3866b4a017356c25c2cc2b1b1fcf0df8479b021370e2df0a70c0c

  • SHA512: e3f7766a297e97c1ca5ff0171030a0f095280fbe529499f23775cadd2979ca5406e1fd630926c26b22a12430e44f5820a15108fcba0019648b7e408eb4323277

  • SSDEEP: 768:sqkYtA7cmPNu/o1DZqTTe8P5hUbYAuCKzVHWvdAy39QS7fRKfFDpPMMCE1:sq7AER/3TAu/xWvdA4Q8fYtpUMv1

Malware Config

Extracted

  • Family: metasploit

  • Version: encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Impair Defenses: Safe Mode Boot

MITRE ATT&CK Enterprise v15