General
- Target: c256cbd591c1e36efd697501a5737056_JaffaCakes118
- Size: 303KB
- Sample: 240826-fqwq4swgqc
- MD5: c256cbd591c1e36efd697501a5737056
- SHA1: a79ff7fe5052a52e04153a7a86b553de6aaec793
- SHA256: 4256c11a396ac144b03ba3dd5bed252f3d89ec68baf892df78a0420ced0cc01c
- SHA512: 64225d10c3c13d5f4642f35cb2a5d58195c6556d36f32590d981766072e2ce1f97d3d4d1fe3eb699cd1feb2b0b96dba7715f4c63ff3473fe39fb74b855e30514
- SSDEEP: 6144:D8XoRHg1/2R/6sZ/OmQp0rT8UMvJz3/Ittmkbe9YfV0Udmemw+a0kPoizNBNULRg:DR61GOmV7+/QMI9+UdmLa0kPoiz2LRsL
Static task
- static1
Behavioral task
- behavioral1
- Sample: HLCUJK1200426084 INV 2097430962.DNS.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- Family: nanocore
- Version: 1.2.2.0
- Hosts: adikaremix.linkpc.net:1790, 185.140.53.13:1790
- Mutex: 9493864b-27d9-4410-9dcc-9a0c4732a1d5
- activate_away_mode: true
- backup_connection_host: 185.140.53.13
- backup_dns_server: 8.8.4.4
- buffer_size: 65535
- build_time: 2020-03-21T11:14:38.887176036Z
- bypass_user_account_control: true
- bypass_user_account_control_data:
- clear_access_control: true
- clear_zone_identifier: false
- connect_delay: 4000
- connection_port: 1790
- default_group: June@@
- enable_debug_mode: true
- gc_threshold: 1.048576e+07
- keep_alive_timeout: 30000
- keyboard_logging: false
- lan_timeout: 2500
- max_packet_size: 1.048576e+07
- mutex: 9493864b-27d9-4410-9dcc-9a0c4732a1d5
- mutex_timeout: 5000
- prevent_system_sleep: false
- primary_connection_host: adikaremix.linkpc.net
- primary_dns_server: 8.8.8.8
- request_elevation: true
- restart_delay: 5000
- run_delay: 0
- run_on_startup: false
- set_critical_process: true
- timeout_interval: 5000
- use_custom_dns_server: false
- version: 1.2.2.0
- wan_timeout: 8000
Targets
- Target: HLCUJK1200426084 INV 2097430962.DNS.exe
- Size: 342KB
- MD5: 9c269b95c724a6974b4800643308fdf3
- SHA1: 5a08a0314f5848caa51dc2e8cf6108f6382af001
- SHA256: 97553c2488962a2876a76f8c0cf8fc80b061c13663e0591879d2436086d6f24e
- SHA512: 1a263342be9881421c214982bd04d468499087e4171d98a745559d5768394d435dcc9ebbe99bebe0b977318c627633dd9dd370dff405f9d999aad53dfab374ca
- SSDEEP: 6144:hJxl4lK4sCsZNOmcp0DT8UYvJr3/IttmkbelYfV0Udme8w+a0kfoizrB5ULRu5F0:hJxT4tMOm974/QMIzKUdmra0kfoiz4LH
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)