General

  • Target

    dbf373bb2c8f589348c81fb228264e6b_JaffaCakes118

  • Size

    240KB

  • Sample

    240912-gt7hfsvdlp

  • MD5

    dbf373bb2c8f589348c81fb228264e6b

  • SHA1

    5a3a270281888b37e2fc9efd88a5dc7af4f0c860

  • SHA256

    f43de2802350eb6b1574084937828090ffa2f60931a626e70b661a36052cf0b1

  • SHA512

    fba34b041f6e559dcd760d8c24c128eff1d458e90713bb96e8a812bf07f6a387ffcd1b2a3cc446059740bcd1420d2aa0b13dbb13a097a1f3ffb1c130b5fcb65c

  • SSDEEP

    6144:7HRYTjOZt8zrgH76LYNyHyMhVKRzbl875i+JMN45PHK:LS+2gO0cHyMsp+zMoi

Score
10/10

Targets

    • Modifies WinLogon for persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Suspicious use of SetThreadContext