General

  • Target

    dbc292a2292c6061700236830d45ca91_JaffaCakes118

  • Size

    293KB

  • Sample

    240912-eejfzazela

  • MD5

    dbc292a2292c6061700236830d45ca91

  • SHA1

    fcdfba4b95c145a715209d694639de6be0478f6b

  • SHA256

    e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60

  • SHA512

    551e097fb31a5e7a6b6ecf602f7ae8cb63dc620940fe47b003ebcafcedbfdb391731cfce399b48111ee9524f2272f53eb4076c84f65e377336930fd6b3c3e0fe

  • SSDEEP

    6144:6qcbmoTtMUxxzP75a2eoEnnZcYupty6DPlQ82hmbN:6NTTyUX/5a2NGZcTs6DPlahmbN

Targets

    • Target

      dbc292a2292c6061700236830d45ca91_JaffaCakes118

    • Modifies WinLogon for persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory
