General

  • Target

    cfca47395ed702efe2c4f5fa8402347f_JaffaCakes118

  • Size

    56KB

  • Sample

    240906-r7w9rasbrm

  • MD5

    cfca47395ed702efe2c4f5fa8402347f

  • SHA1

    b1c41be6df69a35157f7331ae35662f98d1cf8ea

  • SHA256

    ec8e95209ecbe865512b07035a5b714610656b71e893264ef1fab44cd56f89d5

  • SHA512

    bfac853a45eece7f78ab525ce95b52a5534d27276f92c3dd3188c0db6f68acd7f826f0c25e2453e03b6ed6acad3da95d51b8506084f6097386d34a3e3963fe28

  • SSDEEP

    1536:LPAIDT9osAXx80dNHEXLzBRN52E/5SActCkL:LPA8ThwrbiLzBsE/EActR

Targets

    • Target

      cfca47395ed702efe2c4f5fa8402347f_JaffaCakes118

    • Contacts a large number (62718) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
