General

  • Target

    dfcdf24b6d8898899ad8308fad3131f1_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240914-j594tsvdlg

  • MD5

    dfcdf24b6d8898899ad8308fad3131f1

  • SHA1

    df7746ed655a06e3d1000964714bf5e9cc49bb85

  • SHA256

    1b3daea4129fbeefa5ea8d8f360c2f678c7b61e338c7bfd9010f63df99d0255e

  • SHA512

    1134434e594728b0b9414809d4cc5462e0fa1aeb89a1d61ecb50cbcc0d6c7fa644a8d7b4c72dd29d08db745a6ae0bdb94cba48eb4d95bdad4d47542434d4ac93

  • SSDEEP

    12288:ijkArEN249AyE/rbaMct4bO2/VlT2ENaep9VVVV9V9RVVRRVp:VFE//Tct4bOsGmN

Targets

    • Target

      dfcdf24b6d8898899ad8308fad3131f1_JaffaCakes118

    • Modifies WinLogon for persistence

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials and cookies.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      An AutoIt script compiled into a PE executable.

    • Drops file in System32 directory
