General

  • Target

    dbf1685f4978ee693a05f0107eeb52e8_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240912-gqtr7avbne

  • MD5

    dbf1685f4978ee693a05f0107eeb52e8

  • SHA1

    d21485470fa8a9e181c81af451aeda77d97b3172

  • SHA256

    6c31b6a5815edd4774b38a2806b0641b3e231de5633b9cbf95ebfd0448bcf78d

  • SHA512

    3edc81bc27a3cd742825e16a9e75b204db8da1250a682e65671fd323c3b67ad14c09dea29d10b1b734b8070eedffcb7793a7e1506dd6ebe0c1091a7d942a9f47

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafMB:NAB5

Malware Config

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks