General

  • Target

    039e3bbbdc4b89f74154a95535c37a34_JaffaCakes118

  • Size

    96KB

  • Sample

    240930-3hgcsavake

  • MD5

    039e3bbbdc4b89f74154a95535c37a34

  • SHA1

    55932bfb068803b176e25c1967f0e13c26d7caee

  • SHA256

    8c6a9cf0261f8ab2478cdb28448a1c41511e491604b09cb303253eab79cae923

  • SHA512

    6896585915e98be47d0f539c216a338ac76d4220d2e0419504134268cbeadfeb58fffae6982bd42ac2aa7c19fcea6903a567ac74ad5f96429367334c11a90201

  • SSDEEP

    1536:n6QBHjf6cO/hxkGulSc16l6u+NMMl/KlYv1Tq5ThF/NIjnZKh:14hWlu8CFF/Cn0h

Malware Config

Targets

    • Target

      039e3bbbdc4b89f74154a95535c37a34_JaffaCakes118

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks