General

  • Target

    d01b80759402a4c6f5e8b610acc0e682_JaffaCakes118

  • Size

    528KB

  • Sample

    240906-wa8zhazepb

  • MD5

    d01b80759402a4c6f5e8b610acc0e682

  • SHA1

    3bd8f379b178333540077d478051a8b9421cb436

  • SHA256

    781445a71a9a94d19b25870851af0d4e8290ed0341a72aa6978adcd1a0fce873

  • SHA512

    5c4056a3b45c90c64a23a3207b8348e6b797add9ebbb5c8dc096f153aefa9abcf70b5f249280bd17b80c422b22b5e48398ca0bab63b47c69e087d90cdab21344

  • SSDEEP

    12288:uVV7Cg6GTkT6keQZqq3Q/Kg9Ok/FUsTyAOonF:u7H+hNZLQbVTyApF

Malware Config

Targets

    • Target

      d01b80759402a4c6f5e8b610acc0e682_JaffaCakes118

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks