General

  • Target

    dc2db3d67ea5ce99d788d2028947d68b_JaffaCakes118

  • Size

    181KB

  • Sample

    240912-lw2gfa1eqh

  • MD5

    dc2db3d67ea5ce99d788d2028947d68b

  • SHA1

    899c6fd8e674dc168c88b6aa1a83b82efebcc550

  • SHA256

    f884b71ec69728687d2a43d9ff82184912cf2bbd4d041899ec02e82d09d733fb

  • SHA512

    55615610ada06937bb5ed362454f9bc3859e34026e42f4494c9bd4bb8604319c108cd294c9be1b63575365c8ffe4389d934e80001a390e7147c67518c5989db2

  • SSDEEP

    3072:ALk395hYXJsDjSUxWbayCLef2s583SutridTtT+K0vkEllFwIYD9SICj4fk:AQqCjSlbfCCus58CupidTt/0MEllFw7g

Targets

    • Target

      dc2db3d67ea5ce99d788d2028947d68b_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      201153135239.exe

    • Size

      25.2MB

    • MD5

      57f0f15ef829fa03fecf784d5c658bae

    • SHA1

      1d86700c8c555df352c2922d02da686825525c00

    • SHA256

      ddb52e15b7891d1aded1312934d2e6f620c08e1f0e0da77ab3b68343daef7560

    • SHA512

      22fa2b29066c2a638f393cb2f99316f3786351c805a6bc3a41f2cc8b5ba681954167ba08cb4d5930fc8e5caf4c70ceadbfdd092e0511a568abb47466acbb526b

    • SSDEEP

      3072:ALk395hYXJS1VNR0FtDZU4JPK76fcqIVw4Z8KZSrXC4VQipg2vub:AQqY30Fn9PdcqIVwE8Wxidub

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      20115313521.exe

    • Size

      100.2MB

    • MD5

      8c37a0a9621cae6781bfd3c408400682

    • SHA1

      6768b9f64c2f95c51870b77a9679519b6fd12cd7

    • SHA256

      d868c3d258b1deded5ac76ceccd859b3f7d088d1b2bc6e0b8db813aec30a460e

    • SHA512

      e7331e9fc56ba2a30a7ee28093048d2e50143a9f6f7130d0fba18919df7e52bb67ce1cbc4f5a24950d65e0e57d404e421889240765c67815abcae46f7b8c9f44

    • SSDEEP

      3072:CTeTY1km5WBqwP3fspQ/Xz7iasXHyC/hX6Axv3yUt7LEwNj8BPOI5s8DxOA:CiTtiWB0mL7teJ5Vp3yO5N4G74
