General

  • Target

    f0a70e31be7b566cc27bd8a96628bbdf_JaffaCakes118

  • Size

    167KB

  • Sample

    240921-1cxfpsverm

  • MD5

    f0a70e31be7b566cc27bd8a96628bbdf

  • SHA1

    e482944811814e3692694c27b2a69e14c5ec199c

  • SHA256

    adf0fdbe8d374b4251f8e42e2164c66ad52a9e43b6c462fff0755c309819b9a8

  • SHA512

    8672b3b6f47370582b69e785d46af7d05ca0fd48b003960d2543651b1757ff7bfd09fd7bf9c4fc28a6c4b6dfc486bb2b12fb540c7dbb3975e700536b3923d778

  • SSDEEP

    3072:8JMY/xPO2RFalMaCTRhWxpev9XX9makoI6Qd2MtKoK+:8v/FRgkoQ9n92oz4U

Targets

    • Target

      f0a70e31be7b566cc27bd8a96628bbdf_JaffaCakes118

    • Deletes itself

    • Event Triggered Execution: Component Object Model Hijacking (T1546.015)

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. A per-user CLSID registration under HKCU\Software\Classes takes precedence over the machine-wide one in HKLM and needs no administrative rights.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port was observed to servers other than the resolver configured for the sandbox guest.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15