General
- Target: e09155cc0e772fe041bb674d031b6a73_JaffaCakes118
- Size: 280KB
- Sample: 240914-tv2d2sshpn
- MD5: e09155cc0e772fe041bb674d031b6a73
- SHA1: ad5fcdc004d2e0cdf1008fb6226cec4e7c8ad16e
- SHA256: a1dd383e02eae90830a58562b26886ac2c61a6694ff7ef6f5b1edf0b46067892
- SHA512: 5fbb4715d15a118afe8f08bd35720a44caa7e7a57c30abafa7e8c2a00a616b54b340d768a5ab5ceff0eb11eecc50002442769d5dc6db66f8fec2425ee7b9ee08
- SSDEEP: 3072:68OBtebeDXSjdLikfVb1oPGtyNjQK+M76WDzpSd0zMkqRk5V11LVZnVF85LPhNik:j8RXSjA2K+KDzpdzF5X35VypD
Static task
- static1
Behavioral tasks
- behavioral1: sample e09155cc0e772fe041bb674d031b6a73_JaffaCakes118.exe, resource win7-20240903-en
- behavioral2: sample e09155cc0e772fe041bb674d031b6a73_JaffaCakes118.exe, resource win10v2004-20240802-en
Malware Config
Extracted
- Family: metasploit
- Encoder: encoder/call4_dword_xor
Targets
- Target: e09155cc0e772fe041bb674d031b6a73_JaffaCakes118 (280KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext