General

  • Target

    c76530899637831fd1ec3f281fda195a_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240828-wyfb4azblg

  • MD5

    c76530899637831fd1ec3f281fda195a

  • SHA1

    207445fe509e567da3b3de081fc5e5334b2d77b2

  • SHA256

    a2b99bc286042b301692432559d915a6e8ae19f143afb9f91e6e5c51445ad925

  • SHA512

    fe933b0c19027e6a7fec65e9da04a3902db3509157c0b471289b13e1eab4d8f34776e78012210e8d1addeb52ed925b0136305c2aaaf761c8eed8b188562f3833

  • SSDEEP

    24576:NhtOJF7fjodcrAh2LbBa4QhdvdL6sgMUQhG+oomy0r0DO/:NLO3LjouAh2LbOLdLAqooE

Malware Config

Targets

    • Target

      c76530899637831fd1ec3f281fda195a_JaffaCakes118

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox stamps its own OEM ID into the guest's ACPI tables, and Windows mirrors those tables under HKLM\HARDWARE\ACPI (the DSDT\VBOX__ subkey, for instance); reading them is a cheap way to detect the hypervisor before running the payload.

    • Checks BIOS information in registry

      BIOS vendor and version strings, which Windows exposes under HKLM\HARDWARE\DESCRIPTION\System, are often read to detect virtualised or sandboxed environments because hypervisors report their own names in them.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which some sandboxes use instead of a real Windows installation; it leaves keys such as HKCU\Software\Wine in the registry, so their presence reveals the environment.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to a destination other than the DNS servers configured for the analysis machine. This can be a hard-coded public resolver, but port 53 is also used for DNS tunnelling and for command-and-control traffic disguised as DNS.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR (the first 512-byte sector of the disk, reachable on Windows through the \\.\PhysicalDrive0 device) to gain persistence at a level below the operating system: code placed there runs before the OS, its drivers and its security tooling are loaded.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from reporting debug events, so breakpoints and exceptions in that thread are no longer delivered to an attached debugger. Legitimate software rarely needs this, which makes it a strong anti-debugging indicator.
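
The three registry-based checks above (VirtualBox ACPI keys, BIOS strings, Wine keys) all reduce to looking for a handful of well-known locations and vendor strings. The script below is an added example, not code from the report or from the sample: it lists the locations that public anti-VM checks read (the report does not say which exact keys this sample queried, so the list is an assumption), classifies a snapshot of registry values against them, and can read the live registry when run on a Windows analysis VM so you can see what your own sandbox leaks. The two snapshots at the bottom are constructed.

```python
import sys
from typing import Dict, List, Tuple

# Locations that public anti-VM checks (pafish, al-khaser) read. Assumed here;
# the report does not list which exact keys this sample queried.
HKLM, HKCU = "HKLM", "HKCU"

ACPI_VBOX_KEYS = [
    (HKLM, r"HARDWARE\ACPI\DSDT\VBOX__"),
    (HKLM, r"HARDWARE\ACPI\FADT\VBOX__"),
    (HKLM, r"HARDWARE\ACPI\RSDT\VBOX__"),
]
BIOS_VALUES = [
    (HKLM, r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (HKLM, r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS", "BIOSVendor"),
]
WINE_KEYS = [(HKCU, r"Software\Wine"), (HKLM, r"Software\Wine")]

# Lower-case vendor substrings that give the hypervisor or Wine away.
MARKERS = {"vbox": "VirtualBox", "virtualbox": "VirtualBox", "innotek": "VirtualBox",
           "vmware": "VMware", "qemu": "QEMU", "wine": "Wine"}

# A snapshot maps "HIVE\key" (key exists) or "HIVE\key\value" to the value's
# text; an empty string records a key that exists but carries no data.
Snapshot = Dict[str, str]


def classify(snapshot: Snapshot) -> List[Tuple[str, str]]:
    """Return (location, reason) for every artefact that would trip these checks."""
    findings: List[Tuple[str, str]] = []
    for hive, key in ACPI_VBOX_KEYS:
        loc = f"{hive}\\{key}"
        if loc in snapshot:
            findings.append((loc, "VirtualBox OEM ID in ACPI table"))
    for hive, key, name in BIOS_VALUES:
        loc = f"{hive}\\{key}\\{name}"
        text = snapshot.get(loc, "").lower()
        for marker, vendor in MARKERS.items():
            if marker in text:
                findings.append((loc, f"BIOS string names {vendor}"))
                break
    for hive, key in WINE_KEYS:
        loc = f"{hive}\\{key}"
        if loc in snapshot:
            findings.append((loc, "Wine registry key present"))
    return findings


def collect_live() -> Snapshot:
    """Read the same locations from the running host; returns {} off Windows."""
    snap: Snapshot = {}
    if sys.platform != "win32":
        return snap
    import winreg
    roots = {HKLM: winreg.HKEY_LOCAL_MACHINE, HKCU: winreg.HKEY_CURRENT_USER}
    for hive, key in ACPI_VBOX_KEYS + WINE_KEYS:
        try:
            with winreg.OpenKey(roots[hive], key):
                snap[f"{hive}\\{key}"] = ""
        except OSError:
            pass
    for hive, key, name in BIOS_VALUES:
        try:
            with winreg.OpenKey(roots[hive], key) as h:
                val, _ = winreg.QueryValueEx(h, name)
        except OSError:
            continue
        # REG_MULTI_SZ values come back as a list of strings.
        snap[f"{hive}\\{key}\\{name}"] = " ".join(val) if isinstance(val, list) else str(val)
    return snap


# Constructed snapshots: a stock VirtualBox guest and a physical Dell desktop.
VBOX_GUEST: Snapshot = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": "VBOX - 1",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "innotek GmbH",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": "VirtualBox",
}
PHYSICAL_HOST: Snapshot = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": "DELL - 1072009",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "Dell Inc.",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": "OptiPlex 7090",
}

if __name__ == "__main__":
    # On a Windows VM this reports the live registry; elsewhere it falls back
    # to the constructed VirtualBox snapshot.
    for loc, why in classify(collect_live() or VBOX_GUEST):
        print(f"{why}: {loc}")
```

Each finding is a value to change or a key to remove (or to patch the hypervisor's DMI/ACPI strings) before detonating samples that carry these checks; the matching is plain substring search because that is all the samples themselves usually do.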
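
The "Unexpected DNS network traffic destination" signature is a simple rule over the flow log: anything to port 53 whose destination is not one of the sandbox's configured resolvers. The code below is an added example of that rule, not tria.ge's detection logic: it parses a constructed flow-log format, and separates well-known public resolvers (a hard-coded resolver in the sample) from arbitrary hosts on port 53 (the tunnelling/C2 case). The sandbox resolver address 10.127.0.1 and the log lines are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Well-known public resolvers: traffic here usually means a hard-coded resolver
# rather than covert traffic, so it gets a milder label.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Constructed flow-log format: "<proto> <src>:<sport> -> <dst>:<dport>".
LINE_RE = re.compile(r"^(udp|tcp)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)\s*$")


def parse_flow(line: str) -> Flow:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsable flow line: {line!r}")
    proto, src, sport, dst, dport = m.groups()
    return Flow(proto, src, int(sport), dst, int(dport))


def unexpected_dns(flows: Iterable[Flow], configured_dns: Iterable[str]) -> List[Tuple[Flow, str]]:
    """Flag every port-53 flow whose destination is not a configured resolver."""
    allowed = {ipaddress.ip_address(a) for a in configured_dns}
    hits: List[Tuple[Flow, str]] = []
    for f in flows:
        if f.dport != 53:
            continue
        dst = ipaddress.ip_address(f.dst)
        if dst in allowed:
            continue
        if f.dst in PUBLIC_RESOLVERS:
            hits.append((f, "public resolver, not the sandbox's"))
        elif any(dst in net for net in RFC1918):
            hits.append((f, "other internal host on port 53"))
        else:
            hits.append((f, "non-resolver host on port 53 (possible tunnel/C2)"))
    return hits


SANDBOX_DNS = ["10.127.0.1"]  # assumed resolver of the analysis VM

# Constructed log: one normal lookup, one to Google DNS, one TCP/53 connection
# to an external host (documentation range), and one HTTPS flow for contrast.
SAMPLE_LOG = """\
udp 10.127.0.12:49153 -> 10.127.0.1:53
udp 10.127.0.12:49154 -> 8.8.8.8:53
tcp 10.127.0.12:49155 -> 203.0.113.45:53
tcp 10.127.0.12:49156 -> 203.0.113.45:443
"""


def scan(log: str = SAMPLE_LOG, configured_dns: Iterable[str] = SANDBOX_DNS) -> List[Tuple[Flow, str]]:
    flows = [parse_flow(line) for line in log.splitlines() if line.strip()]
    return unexpected_dns(flows, configured_dns)


if __name__ == "__main__":
    for flow, why in scan():
        print(f"{flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}: {why}")
```

The rule keys on the destination port only, so a sample that talks to its resolver on a non-standard port is not caught here; pairing it with a check that the payload is actually well-formed DNS is the usual next step.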
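
To confirm what the "Writes to the Master Boot Record" signature caught, an analyst will usually pull sector 0 from the sandbox disk image and compare it with a known-good copy. The following is an added example (not from the report or the sample) of an MBR parser and differ: it decodes the 440-byte boot code, 4-byte disk signature, four 16-byte partition entries and the 0x55AA boot signature, then reports what changed between a baseline and a post-detonation sector. The two sectors it works on are constructed; the boot code is a stand-in that only borrows the first three instructions of the stock Windows MBR, and the "infected" copy just has a short jump patched over them, the way a bootkit hooks the sector while leaving the partition table intact.

```python
import struct
from dataclasses import dataclass
from typing import List, Sequence, Tuple

SECTOR = 512
# Partition entry: status, CHS start (3), type, CHS end (3), LBA start, sector count.
PART_FMT = "<B3sB3sII"


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass(frozen=True)
class MBR:
    boot_code: bytes          # offsets 0x000-0x1B7
    disk_signature: int       # offset 0x1B8, little-endian
    partitions: Tuple[Partition, ...]  # offsets 0x1BE-0x1FD
    signature_ok: bool        # bytes 0x1FE-0x1FF == 55 AA


def parse_mbr(sector: bytes) -> MBR:
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_FMT, sector, 446 + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append(Partition(status == 0x80, ptype, lba, count))
    return MBR(
        boot_code=sector[:440],
        disk_signature=struct.unpack_from("<I", sector, 440)[0],
        partitions=tuple(parts),
        signature_ok=sector[510:] == b"\x55\xaa",
    )


def make_mbr(boot_code: bytes, partitions: Sequence[Partition], disk_signature: int = 0x1234ABCD) -> bytes:
    """Build a sector for testing; CHS fields are filled with the usual 0xFEFFFF 'use LBA' marker."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, 440, disk_signature)
    for i, p in enumerate(partitions):
        struct.pack_into(PART_FMT, buf, 446 + 16 * i, 0x80 if p.bootable else 0x00,
                         b"\xfe\xff\xff", p.type_id, b"\xfe\xff\xff", p.lba_start, p.sectors)
    buf[510:] = b"\x55\xaa"
    return bytes(buf)


def diff_mbr(baseline: MBR, current: MBR) -> List[str]:
    """Describe every part of the sector that differs from the baseline."""
    findings: List[str] = []
    if current.boot_code != baseline.boot_code:
        first = next(i for i in range(440) if current.boot_code[i] != baseline.boot_code[i])
        findings.append(f"boot code modified (first change at offset 0x{first:03x})")
    if current.disk_signature != baseline.disk_signature:
        findings.append("disk signature changed")
    if current.partitions != baseline.partitions:
        findings.append("partition table modified")
    if not current.signature_ok:
        findings.append("boot signature 0x55AA missing")
    return findings


def read_mbr(path: str) -> MBR:
    """Sector 0 of a raw disk image (or, on Windows, of \\\\.\\PhysicalDrive0)."""
    with open(path, "rb") as f:
        return parse_mbr(f.read(SECTOR))


# Constructed baseline: xor ax,ax / mov ss,ax / mov sp,0x7C00 (the opening of the
# stock Windows MBR) padded with NOPs, plus one bootable NTFS partition at LBA 2048.
NTFS = 0x07
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (440 - 7)
CLEAN_MBR = make_mbr(CLEAN_BOOT_CODE, [Partition(True, NTFS, 2048, 2097152)])
# Constructed "after": a short jmp patched over the first instructions, table untouched.
INFECTED_MBR = b"\xeb\x3e" + CLEAN_MBR[2:]

if __name__ == "__main__":
    for finding in diff_mbr(parse_mbr(CLEAN_MBR), parse_mbr(INFECTED_MBR)):
        print(finding)
```

A boot-code-only change with an intact partition table is the typical bootkit footprint: the original sector is usually stashed in an unused sector so the patched code can chain to it after it has loaded its own driver, which is why the next thing to dump is the sectors between the MBR and the first partition.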

MITRE ATT&CK Enterprise v15

Tasks