General

  • Target

    c0bfd5815314d93f01b02766f3aa6e78_JaffaCakes118

  • Size

    658KB

  • Sample

    240825-pp14wawbrl

  • MD5

    c0bfd5815314d93f01b02766f3aa6e78

  • SHA1

    22eb36e422de7d29ca7e573400216395f5a17c5b

  • SHA256

    7e92f6b7fc73b2cae02badc9be25643d0e4f2b1599d9b27d6af3cbabdfa70beb

  • SHA512

    bd93548be44d75ee1ae5391d94619a7051ddcf17e00ccd96b72c5ca88e5988321f96320ad48b8d32bcd1718c140ce24e3854c673258c6a30b55ac21129b9b943

  • SSDEEP

    12288:aalFG/FRwYkK19iOCr+TMoO30mYn0YaAsGpQ33M5DKTrH5fzQ2O:VFGQK19iOCr+TMoO30mYn0YaAsl33M5J

Targets

    • Target

      c0bfd5815314d93f01b02766f3aa6e78_JaffaCakes118

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory
