General

  • Target

    f802d4ad5947d74a6044505bac255248_JaffaCakes118

  • Size

    186KB

  • Sample

    240926-kvpwks1dpe

  • MD5

    f802d4ad5947d74a6044505bac255248

  • SHA1

    e048c6ce9e14341bac366f44ce80b517b0531157

  • SHA256

    937513ddd7983c71724dfa5ef40da0fe5512a46953896750167b1ea84e5bb7b5

  • SHA512

    32331d0c0e05d1a048b935bdd0251502f7bb3a010ae343da6ac43607cb2f13e880a5771df9cc4aa7c25770c36b06852556e14c58ef4353b2af35862828a35875

  • SSDEEP

    3072:FNU0i8jvbw1C2/b5uoa1b1f0n2kbN/1Bir26GfQJENU0w:j3PACOTwr8Ym3

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      f802d4ad5947d74a6044505bac255248_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15