General

  • Target

    f9a00dc4a9637fa216630f4d5e2c8b37_JaffaCakes118

  • Size

    98KB

  • Sample

    240927-d1l9bawcmb

  • MD5

    f9a00dc4a9637fa216630f4d5e2c8b37

  • SHA1

    58c2ea15ecab7eb1674fb3a29f0b72b222da826b

  • SHA256

    120c24760fff974d67ae75bfbc2dba7cf583170cdf2a8c31adf9691cc77a0ef5

  • SHA512

    15edf799761216a564d4872811a02dc3c269a2dc7a66f5fe399624e1524df16323c66434527a2f39be4784c85143dc57632f94e87afe640862eaef3186edb33a

  • SSDEEP

    1536:9AuxfK6DOHpn2+3wc+TBsYu1fOc7kOi1mkCzzT/sX083Mkd3cklj:9AeAJ2+3YvyfOAsmkC3T/K5MEP

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
