Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118
-
Size
3.2MB
-
Sample
240909-m38d1awhnd
-
MD5
d62da64ea2fe5ff1e73e8e466348ead2
-
SHA1
8f4fac662b3cd339d06598b62de05ad5e0191fa3
-
SHA256
6a4e14d5d843a9a9a472b77c76f5cc81c02a9929ceb2b07011bb9be34028ed8f
-
SHA512
9efa58806ad0be2efa1f65ec36f3748bc1495bfca6c803598b78a20a72ef09730fad63c46c3c869ae936fae6f2a8b1e936fa9bba2345ec0f539d092f2f2411fc
-
SSDEEP
49152:oV2kFLjLZaYWVe1JxQEOWVhQxZLuDLNFuyO3bu8yF3val1mj01vFkTST8xZ16pd+:o/FXLYrcCEO9LsJFuhLuO3NqfxZsYr
Malware Config
Targets
-
-
Target
d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118
-
Size
3.2MB
-
MD5
d62da64ea2fe5ff1e73e8e466348ead2
-
SHA1
8f4fac662b3cd339d06598b62de05ad5e0191fa3
-
SHA256
6a4e14d5d843a9a9a472b77c76f5cc81c02a9929ceb2b07011bb9be34028ed8f
-
SHA512
9efa58806ad0be2efa1f65ec36f3748bc1495bfca6c803598b78a20a72ef09730fad63c46c3c869ae936fae6f2a8b1e936fa9bba2345ec0f539d092f2f2411fc
-
SSDEEP
49152:oV2kFLjLZaYWVe1JxQEOWVhQxZLuDLNFuyO3bu8yF3val1mj01vFkTST8xZ16pd+:o/FXLYrcCEO9LsJFuhLuO3NqfxZsYr
Score8/10-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-