General

  • Target

    d24781ae13182fe929d8321e621ce370_JaffaCakes118

  • Size

    14.8MB

  • Sample

    240907-s5xceatbjh

  • MD5

    d24781ae13182fe929d8321e621ce370

  • SHA1

    b95cfb6a3b2c194babca769633394eb95cc0fa06

  • SHA256

    45286d2370fe25ea8420ef92e566f20306b2e64ef6acc81a6959b184012c9a8e

  • SHA512

    526fe44c7e24c6d286949dff33d3990aa9ba739f0e7ef7ce4be5cceb0945a0903e4062451223215d4e8ba6e50496024ec7281aaaf8647d725984424922b26f99

  • SSDEEP

    393216:TjLZjiU1lUKyYE2qJc2GONB2amSNJir9:MAv

Score
10/10

Targets

    • Target

      d24781ae13182fe929d8321e621ce370_JaffaCakes118

    Score
    10/10

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
