General

  • Target

    de3ba2efe286a53569748217fb295c54_JaffaCakes118

  • Size

    872KB

  • Sample

    240913-m6h9aayhpf

  • MD5

    de3ba2efe286a53569748217fb295c54

  • SHA1

    c82d36a49a31a4a3a98487cc263827bd5b4bcc15

  • SHA256

    9c7956af921d0d46577983d35f4f00e0dcd1c786ab6ce5a59a10247d6b74cfd6

  • SHA512

    a3d3b804ea2d742d82eb5ba328150d370a6988ca4fa53cdf9e6170f03178b676a1c8a79b0ddf053ca0a19061eb920422f96bee5c7e5cc012d33b98fbb2a4ec44

  • SSDEEP

    12288:Va84Rvv+ADxRmUKpTvJSIP4j0XlhYcfbSkI6mkGRLV/CG9sRmci/:VEvzRqTMG4H4ukwFCGWgcS

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks