General

  • Target

    ee649b7acba8f8160465f0667c321927_JaffaCakes118

  • Size

    212KB

  • Sample

    240920-zjxvdaxdkj

  • MD5

    ee649b7acba8f8160465f0667c321927

  • SHA1

    fc4c882267bf6037212c8523d4dbc2e4276d3bf0

  • SHA256

    9a080eaab2e59991ae8cc971b2f6f2d81760db83484b5a365b5c816d19d89931

  • SHA512

    68c17cf13862c2f72b5a29885052efdf4e76ed92f95ca6550adc6ef2ad7ca1ec7ba3f98509055d4854285e4adb3c68bb7e0b07a258489cb8191d545a80ad81f3

  • SSDEEP

    6144:2c9kfgNnCYP40Xf/9PJR8WjN4VRNuX/hYH:BWfgIanlJ2YGVG/qH

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks