General

  • Target

    d01be792134387bfa12c4c4db206338a_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240906-wbh5gazcln

  • MD5

    d01be792134387bfa12c4c4db206338a

  • SHA1

    edb80fd21c9d3082359e44cd244801c07902f28b

  • SHA256

    6d0f958596f72608fa7263552583a1802673f135b5886545b60320cd60384bea

  • SHA512

    4377a4ccee73e4e7448e4460792845bca36a202db8ecc86bf70f95fc164116d979b93fe4e5eab4334ca3143c73f5f797eb9a4aa5d3afbe4980a56407c88831a7

  • SSDEEP

    49152:Hca33cLLfJhPYHMIclNA5uAOlTM9rMEkOhPGO:HcaHcXHPYHM9uJOlTMd/kOz

Targets

    • Target

      d01be792134387bfa12c4c4db206338a_JaffaCakes118

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory
