General

  • Target

    ff8cc167467fafc1789656bdab467de8_JaffaCakes118

  • Size

    1KB

  • Sample

    240930-afrrhsxclp

  • MD5

    ff8cc167467fafc1789656bdab467de8

  • SHA1

    ff3f3d924012dbd249dc8cf4e9c33fa2bc5be614

  • SHA256

    d459b471566d70ba7b2b12b4caa8db1def229f69351b6418df9a52b769201005

  • SHA512

    22932482f0966c9469e9c701b0acd4852d943d6aac08358c6a7996fbe1471f5e4b3bd140da57a0374b39f7f06f07abf662583261522c118774dc3ee361069bad

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://www.upload.ee/download/7435588/411c441150c712390a6f/server.exe

Targets

    • Target

      ff8cc167467fafc1789656bdab467de8_JaffaCakes118

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15
