General

  • Target

    c25bab4d90ee29cc8a07c8c28e8094bd_JaffaCakes118

  • Size

    812KB

  • Sample

    240826-f1y9zsyelq

  • MD5

    c25bab4d90ee29cc8a07c8c28e8094bd

  • SHA1

    81c0131227b99015cc3f89c7bd7edf871a20e19d

  • SHA256

    d910880590de82048b026112b56434fbbbd143f388e51a777faf5980a948be57

  • SHA512

    61d42c69d4f181394802e212d243bbb3cd25d70e9dee41de5d2bd3e0bf75303628a89501915f0341719021c10226123fc4862191134f382cae8889d631616836

  • SSDEEP

    24576:XDDbCLHCz4d67gpgy8Z5WZZAztVm8oyCcW7:TSTRw4gyhrAzrc
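Before detonating or sharing a sample, an analyst confirms the file on disk is the one this report describes. The script below is an added example, not part of the tria.ge report or its tooling: it recomputes the four digests listed above against a local copy, splits the SSDEEP signature into its block size and the two chunk strings, and checks that the block size is plausible for the listed 812KB. The 812KB figure is taken here as 812 * 1024 bytes (an assumption about the report's rounding), and the block-size rule is the ssdeep one (start at 3, double until block_size * 64 covers the file; ssdeep may halve once afterwards, so the reported value is at most the computed one).

```python
import hashlib
import sys

# Digests exactly as listed in the General section of this report.
EXPECTED = {
    "md5": "c25bab4d90ee29cc8a07c8c28e8094bd",
    "sha1": "81c0131227b99015cc3f89c7bd7edf871a20e19d",
    "sha256": "d910880590de82048b026112b56434fbbbd143f388e51a777faf5980a948be57",
    "sha512": "61d42c69d4f181394802e212d243bbb3cd25d70e9dee41de5d2bd3e0bf75303628a89501915f0341719021c10226123fc4862191134f382cae8889d631616836",
}
SSDEEP = "24576:XDDbCLHCz4d67gpgy8Z5WZZAztVm8oyCcW7:TSTRw4gyhrAzrc"
# Assumption: the report's "812KB" means 812 * 1024 bytes.
REPORTED_SIZE = 812 * 1024


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the sample bytes for every algorithm in EXPECTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def verify_sample(data: bytes, expected: dict = EXPECTED) -> dict:
    """Map each algorithm to True/False depending on whether the digest of
    `data` matches the listed value. Comparison is case-insensitive because
    reports and tools disagree on hex casing."""
    actual = compute_hashes(data) if expected is EXPECTED else {
        name: hashlib.new(name, data).hexdigest() for name in expected
    }
    return {name: actual[name].lower() == digest.lower()
            for name, digest in expected.items()}


def parse_ssdeep(sig: str):
    """Split 'blocksize:chunk:double_chunk' into (int, str, str).
    The first chunk is computed with `blocksize`, the second with 2*blocksize,
    so two files can still be compared when their block sizes differ by one step."""
    block, chunk, double_chunk = sig.split(":", 2)
    return int(block), chunk, double_chunk


def ssdeep_initial_blocksize(file_size: int) -> int:
    """Block size ssdeep starts from for a file of `file_size` bytes:
    the smallest 3 * 2**k with block_size * 64 >= file_size.
    ssdeep halves it once if the first chunk ends up shorter than 32
    characters, so a reported block size is <= this value."""
    bs = 3
    while bs * 64 < file_size:
        bs *= 2
    return bs


def ssdeep_consistent_with_size(sig: str, file_size: int) -> bool:
    """True when the block size in `sig` is one ssdeep could have produced
    for a file of `file_size` bytes (equal to the initial size, or one halving)."""
    block, chunk, _ = parse_ssdeep(sig)
    initial = ssdeep_initial_blocksize(file_size)
    if block == initial:
        return True
    # A halved block size is only legal if the longer first chunk fixed a short one.
    return block * 2 == initial and len(chunk) >= 32


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-local-copy>
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for algo, ok in verify_sample(blob).items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    print("ssdeep block size plausible for listed size:",
          ssdeep_consistent_with_size(SSDEEP, REPORTED_SIZE))
```

Any MISMATCH means the local file is not the sample this report analysed (a re-packed copy, a truncated download, or a different file with a colliding name), and none of the behaviours listed below can be assumed to apply to it.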

Malware Config

Targets

    • Target

      c25bab4d90ee29cc8a07c8c28e8094bd_JaffaCakes118

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks