General

  • Target

    efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118

  • Size

    3.8MB

  • Sample

    240921-nxv26azhnh

  • MD5

    efb9891ddb30cb3dea7dfbe51c295a15

  • SHA1

    987be11a59a129cc0d4e71fcfddeb3adf596e262

  • SHA256

    c8c1be11b7eadaef5fd7d78d2d6c4d9944f6f59b783b4f4b7c7f3eac8e68143d

  • SHA512

    cfb93d327b9914e831bce6932f09be7d809c25418e401f39182515082291d16fc4883fcdb93b7bb2fed3bc753de00e61371aaf4d00e0a6c68fbc4c0e37424487

  • SSDEEP

    98304:+znOEj82saUwGJX87Q2iLcJ6Jg4G+SAdR:+n9slwGJXqvJ6JgdU

Malware Config

Targets

    • Target

      efb9891ddb30cb3dea7dfbe51c295a15_JaffaCakes118

    • UAC bypass

      Behaviour matching a known User Account Control bypass; the report does not identify the specific technique.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Static analysis should target the unpacked payload, not this outer layer.

    • Adds Run key to start application

      Persistence through a value under a ...\CurrentVersion\Run registry key, so the sample is launched again at user logon.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables; the embedded script can usually be recovered from the binary for analysis.

    • Drops file in System32 directory

      Writes under %SystemRoot%\System32, which normally requires administrative rights and is consistent with the UAC bypass signature above.

    • Suspicious use of SetThreadContext

      Commonly seen when a loader writes a payload into a suspended child process and redirects its entry point (process hollowing); debuggers use the same API, so this is an indicator rather than proof.
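
The following is an added example, not part of the tria.ge report or its signature engine: an offline re-check of a sample on disk against the hashes printed above and two of the listed signatures (UPX section names and the AutoIt v3 compiled-script marker). It uses only the Python standard library and parses the PE headers itself. The PE image built by `build_test_pe` is constructed for the demonstration and is not the reported file, so `matches_report` is expected to be False for it; run the script with a path argument to check a real sample.

```python
# Added example, not the report's own tooling: offline static re-check of a PE
# sample against the report's hashes and the UPX / AutoIT signatures.
import hashlib
import struct

# Hashes copied from the report above.
REPORTED_HASHES = {
    "md5": "efb9891ddb30cb3dea7dfbe51c295a15",
    "sha1": "987be11a59a129cc0d4e71fcfddeb3adf596e262",
    "sha256": "c8c1be11b7eadaef5fd7d78d2d6c4d9944f6f59b783b4f4b7c7f3eac8e68143d",
}

# Stock UPX names its sections UPX0/UPX1/UPX2. A modified UPX may rename them,
# so a miss here is not evidence that the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

# Marker carried by AutoIt v3 compiled scripts (the "EA06" script format).
AUTOIT_MARKER = b"AU3!EA06"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the sample as lowercase hex, as the report prints them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every reported digest agrees with the bytes on disk."""
    actual = file_hashes(data)
    return all(actual[name] == value.lower() for name, value in reported.items())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table, return names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # COFF file header, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # section headers, 40 bytes each
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def looks_autoit_compiled(data: bytes) -> bool:
    return AUTOIT_MARKER in data


def triage(data: bytes) -> dict:
    """Summary comparable to the report's General/Targets block."""
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "matches_report": matches_report(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
        "autoit_compiled": looks_autoit_compiled(data),
    }


def build_test_pe(section_names, payload: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers + empty section table + payload).
    Enough for header parsing; it is not loadable and is not the reported sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: PE signature at 0x40
    size_of_optional = 0xE0                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    optional[:2] = struct.pack("<H", 0x10B)               # PE32 magic
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections + payload


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                                 # real use: python triage.py sample.exe
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:                                                 # demo on the constructed image
        blob = build_test_pe([b"UPX0", b"UPX1", b".rsrc"], payload=AUTOIT_MARKER + b"...")
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

The section-name check reproduces only the stock-UPX half of the "UPX/modified UPX" signature; a renamed packer stub still needs entropy or unpacking-stub checks. The AutoIt marker is searched over the whole file because in a UPX-packed sample it is only visible after unpacking.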

MITRE ATT&CK Enterprise v15

Tasks