Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

faeb0dd37f...18.exe

windows7-x64

7

faeb0dd37f...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    faeb0dd37f78b31302f32584a087a765_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240927-z3fp7szdqq

  • MD5

    faeb0dd37f78b31302f32584a087a765

  • SHA1

    7f51e3df8f6ab33215001a95ba6899b186caeafc

  • SHA256

    ee5c551c628f1d8e12b9552af557de33f7b2f1b26ab8118f5876dc3716d2f65c

  • SHA512

    91cfc116cf53f0a22024a7e085314b8a85c87fd6867397001248497cc581e3d6b648d16a4d9be90b33528f225e7aab8e4da477862dce8fcce2869d362d80a0a2

  • SSDEEP

    24576:Ec//////VEqZkTh6gazysQATrtsLDgCjGx96AxvtyrM9gdTZ7XH8/B7WTky:Ec//////uqZgkgxsNQDbjGx9pvtABpXL

Score
7/10
discoverypersistenceupxvmprotect

Malware Config

Targets

    • Target

      faeb0dd37f78b31302f32584a087a765_JaffaCakes118

    • Size

      1.2MB

    • MD5

      faeb0dd37f78b31302f32584a087a765

    • SHA1

      7f51e3df8f6ab33215001a95ba6899b186caeafc

    • SHA256

      ee5c551c628f1d8e12b9552af557de33f7b2f1b26ab8118f5876dc3716d2f65c

    • SHA512

      91cfc116cf53f0a22024a7e085314b8a85c87fd6867397001248497cc581e3d6b648d16a4d9be90b33528f225e7aab8e4da477862dce8fcce2869d362d80a0a2

    • SSDEEP

      24576:Ec//////VEqZkTh6gazysQATrtsLDgCjGx96AxvtyrM9gdTZ7XH8/B7WTky:Ec//////uqZgkgxsNQDbjGx9pvtABpXL

    Score
    7/10
    discoverypersistenceupxvmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks