General

  • Target

    03b7fa50f416ae09412627c0bbb99ad1_JaffaCakes118

  • Size

    300KB

  • Sample

    241001-af667s1flr

  • MD5

    03b7fa50f416ae09412627c0bbb99ad1

  • SHA1

    d4d907f89806dcbd104f2e167dcc69e1e54a12e6

  • SHA256

    ea83e0fba686de3d72c6cb003eae4b1c44b7ad6d1b6584d52a91719f9a14615b

  • SHA512

    940d8d4446e568b0b4c8b08c3a8e2045f3104c9fb09dd095b9bb4222808ca5a4eea95a9822a3763ed474f2c4d1a1816253d893443a79976bdd3ab1a62df10bfa

  • SSDEEP

    6144:KAJS1s34ZRO8+8pM9IE0BRqDZRDpcbveFQRPZa8t4CAjBjuFzb2SeNU4G:nS1sIZcYpqWqDZ5TQRc+A1jSb2SsB

Malware Config

Targets

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks