General

  • Target

    c289673501474f7fec2b16f435c90771_JaffaCakes118

  • Size

    226KB

  • Sample

    240826-ja1xnstejl

  • MD5

    c289673501474f7fec2b16f435c90771

  • SHA1

    0a5ee84f20863c5db6f0a71915ead920201df177

  • SHA256

    2202d569f96eb49bd8e7fc67b997aaaa7fa5563ec88d7fd33a79f932986a4798

  • SHA512

    d174bb6ba349ff47e36d9065e0ce396513631f80586a6e8eaaa0eccd2b017bd673dbd7717387b37333ccc0436683e8464acecf56abcb2f5be881fc56a0b0c086

  • SSDEEP

    6144:aBBXY/rEv4AA2YMHScF1VXCaailJhApl:oIZAfB1VS

Malware Config

Targets

    • Target

      c289673501474f7fec2b16f435c90771_JaffaCakes118

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
