General

  • Target

    e1c9c8e8879073124237095a12f42748_JaffaCakes118

  • Size

    642KB

  • Sample

    240915-f5kx6axerh

  • MD5

    e1c9c8e8879073124237095a12f42748

  • SHA1

    4ac49fb28674ad77ab07054264dfffd475344ff1

  • SHA256

    698cac7bc0d6445600eea6804bb603352827bc915114015f37b3f17fdb0f960f

  • SHA512

    e84e8cb2805c078ca38f7d7f3c4ccb047384fcd0ad8ce5ec95790dc158c03d022287e5344342e0cf506e79d56ef626e84dea6b4e48a86889f7991cb77f5ca8f6

  • SSDEEP

    12288:hjkArEN249AyE/rbaMct4bO2/VFbSPon/+AqLBh+ciIT+1Qb5ECSTDJp:uFE//Tct4bOsT+Pu/l0YciIT7NECSvv

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory
