General

  • Target

    ddea291496e6fe6bb2739c666ea1876f_JaffaCakes118

  • Size

    58KB

  • Sample

    240913-hvt47a1bne

  • MD5

    ddea291496e6fe6bb2739c666ea1876f

  • SHA1

    47e323dd16280e1ade512094c82ef33210342475

  • SHA256

    44244177bebc0306e23721806059a64989be421960744c800693c99cb02b82c5

  • SHA512

    c4895a63a80f642a4cc6ca164ed755d6a77f55db29502959ff89a2170e36faafc12b2f8bef4516b9e16197aeea739dcb18ceca00a7a2d66383604dfb6e269338

  • SSDEEP

    768:MdICxZk/89MpVT7woQJcW/bnqC03T/yEwSndA/zJmnPi3Jnj:MTYd5QJc/vaSybs4

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Service Discovery

      Attempts to gather information on the host's network.

    • Network Share Discovery

      Attempts to gather information on the host's network shares.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks