
General

  • Target: e09155cc0e772fe041bb674d031b6a73_JaffaCakes118
  • Size: 280KB
  • Sample: 240914-tv2d2sshpn
  • MD5: e09155cc0e772fe041bb674d031b6a73
  • SHA1: ad5fcdc004d2e0cdf1008fb6226cec4e7c8ad16e
  • SHA256: a1dd383e02eae90830a58562b26886ac2c61a6694ff7ef6f5b1edf0b46067892
  • SHA512: 5fbb4715d15a118afe8f08bd35720a44caa7e7a57c30abafa7e8c2a00a616b54b340d768a5ab5ceff0eb11eecc50002442769d5dc6db66f8fec2425ee7b9ee08
  • SSDEEP: 3072:68OBtebeDXSjdLikfVb1oPGtyNjQK+M76WDzpSd0zMkqRk5V11LVZnVF85LPhNik:j8RXSjA2K+KDzpdzF5X35VypD

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • Target: e09155cc0e772fe041bb674d031b6a73_JaffaCakes118
    • Size: 280KB
    • MD5: e09155cc0e772fe041bb674d031b6a73
    • SHA1: ad5fcdc004d2e0cdf1008fb6226cec4e7c8ad16e
    • SHA256: a1dd383e02eae90830a58562b26886ac2c61a6694ff7ef6f5b1edf0b46067892
    • SHA512: 5fbb4715d15a118afe8f08bd35720a44caa7e7a57c30abafa7e8c2a00a616b54b340d768a5ab5ceff0eb11eecc50002442769d5dc6db66f8fec2425ee7b9ee08
    • SSDEEP: 3072:68OBtebeDXSjdLikfVb1oPGtyNjQK+M76WDzpSd0zMkqRk5V11LVZnVF85LPhNik:j8RXSjA2K+KDzpdzF5X35VypD

    • MetaSploit
      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks