Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d68ec8bebe3186ce6f4f9a24a014e73a_JaffaCakes118

  • Size

    144KB

  • Sample

    240909-seepnswgqa

  • MD5

    d68ec8bebe3186ce6f4f9a24a014e73a

  • SHA1

    e3e2b9a8ccd8af89523666dfc9a6ec0cdcd90398

  • SHA256

    1054d870e61e08dfdb27a15edc766fe47683aa7117e080d68d72460869df43cc

  • SHA512

    3a5b951a29cac3630216497a30a0f4dc2b6ae046757dee2954a8c761e5b5141a457dd9df3449e578fc3582103ec0711c44d3339377d8d89305c4a3ea11f99973

  • SSDEEP

    3072:LO/RJ7suVBkE0eXrugqMo56N6cz9FVo07bXo+CHanIIPR/:a5J7szJON1z9voUi8P

Malware Config

Targets

    • Target

      d68ec8bebe3186ce6f4f9a24a014e73a_JaffaCakes118

    • Size

      144KB

    • MD5

      d68ec8bebe3186ce6f4f9a24a014e73a

    • SHA1

      e3e2b9a8ccd8af89523666dfc9a6ec0cdcd90398

    • SHA256

      1054d870e61e08dfdb27a15edc766fe47683aa7117e080d68d72460869df43cc

    • SHA512

      3a5b951a29cac3630216497a30a0f4dc2b6ae046757dee2954a8c761e5b5141a457dd9df3449e578fc3582103ec0711c44d3339377d8d89305c4a3ea11f99973

    • SSDEEP

      3072:LO/RJ7suVBkE0eXrugqMo56N6cz9FVo07bXo+CHanIIPR/:a5J7szJON1z9voUi8P

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks