General

  • Target

    d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240909-m38d1awhnd

  • MD5

    d62da64ea2fe5ff1e73e8e466348ead2

  • SHA1

    8f4fac662b3cd339d06598b62de05ad5e0191fa3

  • SHA256

    6a4e14d5d843a9a9a472b77c76f5cc81c02a9929ceb2b07011bb9be34028ed8f

  • SHA512

    9efa58806ad0be2efa1f65ec36f3748bc1495bfca6c803598b78a20a72ef09730fad63c46c3c869ae936fae6f2a8b1e936fa9bba2345ec0f539d092f2f2411fc

  • SSDEEP

    49152:oV2kFLjLZaYWVe1JxQEOWVhQxZLuDLNFuyO3bu8yF3val1mj01vFkTST8xZ16pd+:o/FXLYrcCEO9LsJFuhLuO3NqfxZsYr

Malware Config

Targets

    • Target

      d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks