General

  • Target

    f653945662ad61108c61c654f473b4d7_JaffaCakes118

  • Size

    99KB

  • Sample

    240925-s3f8eawgmc

  • MD5

    f653945662ad61108c61c654f473b4d7

  • SHA1

    f29fc3bbaebcea2752e247b317ca582d51715c9d

  • SHA256

    462d7f464400677a6c746363e9b64895442a24dcb8a4b951609dce3aa635a0b9

  • SHA512

    0842972831a6b9508f870b3a194b9fcfbad3565f533066a193553a4a07d1b1db96493dbbe702b9f75b78f8d0671082d1f59756bdd825283abb921cc491d1f67c

  • SSDEEP

    3072:BixUnJoxphJ7dGz8K5uFd5Y7+CVukbkmJjbux7i9:BixqoxL1HKEFG

Targets

    • Target

      f653945662ad61108c61c654f473b4d7_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext
