General

  • Target

    e4b41c63ce86fd1df6e2d88d2d27c055_JaffaCakes118

  • Size

    80KB

  • Sample

    240916-nw71bswbja

  • MD5

    e4b41c63ce86fd1df6e2d88d2d27c055

  • SHA1

    f68aec6f694b98590102d2d6ebf57d5177d9bf1d

  • SHA256

    14ba3ecb0c36a04be8f49edc9bec0bdc7d07056decebdf0298fd99534fcc91eb

  • SHA512

    8b49295b3fad77ea101986b5037ffed47a5b9586611cf5ffe4d1ec6f319ae5d8596600f8b9bd6fb6a31deb67177c30fb581f69e28b2551f524492dcf84ae215c

  • SSDEEP

    1536:Hwhboay8bMecqi8Ejt3UB+Md7z3HALE5h7eUJAToTtNWKnbXtXI4ZG:Hwhzy8fhi8w2dHALE5hSlMzbX9NG

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      e4b41c63ce86fd1df6e2d88d2d27c055_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks