General

  • Target

    e40f628a6207516aad11623e6c8a04ff_JaffaCakes118

  • Size

    120KB

  • Sample

    240916-fhkc4szdrm

  • MD5

    e40f628a6207516aad11623e6c8a04ff

  • SHA1

    b49f3f28c09bfff68be2204d7b9deac34d87c3b4

  • SHA256

    e455d831cd61395e72299761136903fda048bf1b2c31e485f78086a1e3793065

  • SHA512

    f6142988310b77c78896e358fdcf708afc563696cae4a812d121048180abc201be615251ffc087b4e1d9b0ef3962ecd21070cfe7d4464f5d2cbde20f701a7786

  • SSDEEP

    3072:ApnFjHocshZF6vnGt5VfkTooPtI0SDOKPr:0nzWF6GNkTtFItOCr

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      e40f628a6207516aad11623e6c8a04ff_JaffaCakes118

    • Size

      120KB

    • MD5

      e40f628a6207516aad11623e6c8a04ff

    • SHA1

      b49f3f28c09bfff68be2204d7b9deac34d87c3b4

    • SHA256

      e455d831cd61395e72299761136903fda048bf1b2c31e485f78086a1e3793065

    • SHA512

      f6142988310b77c78896e358fdcf708afc563696cae4a812d121048180abc201be615251ffc087b4e1d9b0ef3962ecd21070cfe7d4464f5d2cbde20f701a7786

    • SSDEEP

      3072:ApnFjHocshZF6vnGt5VfkTooPtI0SDOKPr:0nzWF6GNkTtFItOCr

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
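The extracted config names Metasploit's call4_dword_xor encoder, and the detection note says the payload was likely produced with msfvenom. That encoder works by XORing the payload in 4-byte dwords with one fixed 32-bit key and prepending a small decoder stub that undoes the XOR at run time. The following Python is an added example, not code from the report or from the Metasploit project: it models the dword-XOR layer (padding, bad-character-aware key choice, decoding) and shows why a single repeating 4-byte key is trivially recovered from one known plaintext dword. The decoder stub bytes are deliberately not reproduced. The stand-in payload, the bad-character set, the assumed FC E8 prologue used as known plaintext, and all function names are constructed for the example and are not taken from the sample.

```python
"""
Dword-XOR encoding of the kind the x86/call4_dword_xor encoder applies:
pad the payload to a multiple of 4, then XOR every little-endian dword
with one fixed 32-bit key. Encoding and decoding are the same operation.
"""
import struct

BLOCK = 4


def xor_dwords(data: bytes, key: int) -> bytes:
    """XOR each 4-byte little-endian dword of `data` with `key`.
    `data` must be a multiple of 4 bytes long."""
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of 4")
    out = bytearray()
    for (dword,) in struct.iter_unpack("<I", data):
        out += struct.pack("<I", dword ^ key)
    return bytes(out)


def pad(data: bytes, fill: int = 0x90) -> bytes:
    """Pad with NOPs (0x90) to a multiple of 4 before XORing."""
    rem = (-len(data)) % BLOCK
    return data + bytes([fill]) * rem


def pick_key(payload: bytes, badchars: bytes, seed: int = 0x12345678,
             budget: int = 1 << 20) -> int:
    """Search for a key whose own bytes and whose encoded output contain
    none of `badchars`. Starts at `seed` and steps through an LCG."""
    key = seed
    for _ in range(budget):
        key_bytes = struct.pack("<I", key)
        if not any(b in badchars for b in key_bytes):
            enc = xor_dwords(payload, key)
            if not any(b in badchars for b in enc):
                return key
        key = (key * 1103515245 + 12345) & 0xFFFFFFFF
    raise RuntimeError("no suitable key within budget")


def recover_key(encoded: bytes, known_first_dword: bytes) -> int:
    """Known-plaintext recovery: with one repeating 4-byte key, a single
    known plaintext dword (here the first) yields the entire key."""
    (c,) = struct.unpack("<I", encoded[:BLOCK])
    (p,) = struct.unpack("<I", known_first_dword)
    return c ^ p


def demo() -> dict:
    # Constructed stand-in payload, not real shellcode. Many msfvenom x86
    # Windows payloads begin with FC E8 (cld; call ...); that prologue is an
    # assumption used as known plaintext, not something read from the report.
    prologue = b"\xfc\xe8\x82\x00"
    payload = prologue + bytes(range(0x41, 0x41 + 13))   # 17 bytes -> pads to 20
    badchars = b"\x00\x0a\x0d"                            # assumed bad characters

    padded = pad(payload)
    key = pick_key(padded, badchars)
    encoded = xor_dwords(padded, key)
    assert not any(b in badchars for b in encoded)

    # Analyst side: recover the key from the first encoded dword and decode.
    recovered = recover_key(encoded, prologue)
    decoded = xor_dwords(encoded, recovered)
    return {
        "key": key,
        "recovered": recovered,
        "padded": padded,
        "encoded": encoded,
        "decoded": decoded,
    }


if __name__ == "__main__":
    r = demo()
    print(f"key=0x{r['key']:08x} recovered=0x{r['recovered']:08x}")
    print("encoded:", r["encoded"].hex())
    print("decoded:", r["decoded"].hex())
```

The practical point for triage: because the key repeats every 4 bytes, the encoding defeats only naive string and byte-pattern matching; once the decoder stub is identified (or the first few plaintext bytes are guessed), the original payload falls out in one XOR pass, so detections should key on the stub and on the runtime behaviour listed above rather than on the encoded body.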

MITRE ATT&CK Enterprise v15