Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
03b7fa50f416ae09412627c0bbb99ad1_JaffaCakes118
-
Size
300KB
-
Sample
241001-af667s1flr
-
MD5
03b7fa50f416ae09412627c0bbb99ad1
-
SHA1
d4d907f89806dcbd104f2e167dcc69e1e54a12e6
-
SHA256
ea83e0fba686de3d72c6cb003eae4b1c44b7ad6d1b6584d52a91719f9a14615b
-
SHA512
940d8d4446e568b0b4c8b08c3a8e2045f3104c9fb09dd095b9bb4222808ca5a4eea95a9822a3763ed474f2c4d1a1816253d893443a79976bdd3ab1a62df10bfa
-
SSDEEP
6144:KAJS1s34ZRO8+8pM9IE0BRqDZRDpcbveFQRPZa8t4CAjBjuFzb2SeNU4G:nS1sIZcYpqWqDZ5TQRc+A1jSb2SsB
Malware Config
Targets
-
-
Target
03b7fa50f416ae09412627c0bbb99ad1_JaffaCakes118
-
Size
300KB
-
MD5
03b7fa50f416ae09412627c0bbb99ad1
-
SHA1
d4d907f89806dcbd104f2e167dcc69e1e54a12e6
-
SHA256
ea83e0fba686de3d72c6cb003eae4b1c44b7ad6d1b6584d52a91719f9a14615b
-
SHA512
940d8d4446e568b0b4c8b08c3a8e2045f3104c9fb09dd095b9bb4222808ca5a4eea95a9822a3763ed474f2c4d1a1816253d893443a79976bdd3ab1a62df10bfa
-
SSDEEP
6144:KAJS1s34ZRO8+8pM9IE0BRqDZRDpcbveFQRPZa8t4CAjBjuFzb2SeNU4G:nS1sIZcYpqWqDZ5TQRc+A1jSb2SsB
Score8/10-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-