Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: e5fe2835f586d15788343ccfa14652e1_JaffaCakes118
- Size: 2.4MB
- Sample: 240917-eatq5ssgrg
- MD5: e5fe2835f586d15788343ccfa14652e1
- SHA1: b6f2c786775c833c934a650c7fc2e062c314c198
- SHA256: 3f0025199210512f0d53681832bb73b590d8298c1e29b67fb926372c076e9096
- SHA512: 32d3e99652421abfeefad4ebe0b67a9e53565afee901aae2a5e704cc47289ef92b548b9fdb7678357fa8e99a8ecca6c89599b4809653b6ae9fb08e13ced488db
- SSDEEP: 49152:BkJQ9l6KzTaTM+dt9YOiJJ2S/Mh4s1enpkWwiJ+IZbYaFv5juE76C:BkJQeGMM+dtiLro1eKai2hX6C
Static task: static1
Behavioral task: behavioral1
- Sample: e5fe2835f586d15788343ccfa14652e1_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: e5fe2835f586d15788343ccfa14652e1_JaffaCakes118
- Size: 2.4MB
- MD5: e5fe2835f586d15788343ccfa14652e1
- SHA1: b6f2c786775c833c934a650c7fc2e062c314c198
- SHA256: 3f0025199210512f0d53681832bb73b590d8298c1e29b67fb926372c076e9096
- SHA512: 32d3e99652421abfeefad4ebe0b67a9e53565afee901aae2a5e704cc47289ef92b548b9fdb7678357fa8e99a8ecca6c89599b4809653b6ae9fb08e13ced488db
- SSDEEP: 49152:BkJQ9l6KzTaTM+dt9YOiJJ2S/Mh4s1enpkWwiJ+IZbYaFv5juE76C:BkJQeGMM+dtiLro1eKai2hX6C
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)