Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    c15eeb848d230e98f13ac3287e4e4916_JaffaCakes118

  • Size

    664KB

  • Sample

    240825-xlqsqs1cpk

  • MD5

    c15eeb848d230e98f13ac3287e4e4916

  • SHA1

    d8f86e0f9cf3f899cf0a47809032e8afbf1b68b6

  • SHA256

    7245a682dc36a935bea6b6f28595e9f77c06ae2f61aee4bc3032ff3976097503

  • SHA512

    cf9750db73f185818ba8a75a055c2d8137a9733858e06ed8a278a759fd878b4ac630ff28cabbc2dc455fbfdac2f357294494ab80b0e9878a49671e1b907ef722

  • SSDEEP

    12288:pDUe7v5RR/+YvID93ot1eQqZcR//BwUS+/CRTAoaj:yeLzR/+a6ot1efZcd/+LRTAz

Malware Config

Targets

    • Target

      c15eeb848d230e98f13ac3287e4e4916_JaffaCakes118

    • Size

      664KB

    • MD5

      c15eeb848d230e98f13ac3287e4e4916

    • SHA1

      d8f86e0f9cf3f899cf0a47809032e8afbf1b68b6

    • SHA256

      7245a682dc36a935bea6b6f28595e9f77c06ae2f61aee4bc3032ff3976097503

    • SHA512

      cf9750db73f185818ba8a75a055c2d8137a9733858e06ed8a278a759fd878b4ac630ff28cabbc2dc455fbfdac2f357294494ab80b0e9878a49671e1b907ef722

    • SSDEEP

      12288:pDUe7v5RR/+YvID93ot1eQqZcR//BwUS+/CRTAoaj:yeLzR/+a6ot1efZcd/+LRTAz

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks