General

  • Target

    074c415b7ff6216759269472e63ef44d_JaffaCakes118

  • Size

    73KB

  • Sample

    241001-y7w3baygnn

  • MD5

    074c415b7ff6216759269472e63ef44d

  • SHA1

    238dfa827dcaa7ac3f48d30909abd20ecfedbb8e

  • SHA256

    e776bac009401a8690377b7b49ba6ff61aea4eea48e1d3f208284556292fefc3

  • SHA512

    8b93a53a7620a069ac046484f6c3ace792a8e83b6425d90de4b582f03d2dae3d2e531754708d4d7b9e2b5189b070f734cba9f43f084d11fd6615d5c9cb4ff81b

  • SSDEEP

    1536:81z9+RskvxHkV3dDivpPpfl/WZD8bWdjyv4NXuuSY5T3:y9+Rsk54tclll/RbWtyv49V3

Targets

    • Target

      074c415b7ff6216759269472e63ef44d_JaffaCakes118

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether to run.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Modifies WinLogon

    • Suspicious use of SetThreadContext

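The three persistence signatures above (policy Run key, Run key, WinLogon modification) all boil down to registry value writes, which Sysmon records as Event ID 13. The following detection logic is an added example, not part of the tria.ge report or of any sandbox signature: it runs over constructed Sysmon-style records (made-up telemetry, not data from this run), assigns the report's signature names to matching writes, and suppresses the stock Winlogon values (`explorer.exe` for Shell, `userinit.exe` for Userinit) so a clean system image does not fire. Key paths and stock values are the standard Windows ones; the process image and user SID are invented.

```python
import re

# Constructed Sysmon Event ID 13 ("RegistryEvent (Value Set)") records,
# flattened to dicts the way a SIEM export presents them.
# Made-up telemetry for illustration, not data from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\Public\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost",
     "Details": r"C:\Users\Public\update.exe"},
    {"EventID": 13,
     "Image": r"C:\Users\Public\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\Public\update.exe"},
    {"EventID": 13,
     "Image": r"C:\Users\Public\update.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": r"explorer.exe,C:\Users\Public\update.exe"},
    # Stock Userinit value being (re)written: must not fire.
    {"EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    # Unrelated registry write: must not match anything.
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Value-level paths behind each signature. Anchored on "CurrentVersion" so the
# plain Run rule cannot also match the Policies\Explorer\Run path.
POLICY_RUN = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$", re.I)
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
WINLOGON = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit|Taskman|VmApplet)$", re.I)

# Default contents of the Winlogon values on a clean install (lower-cased).
# Anything beyond these in a comma-separated list is an extra program Winlogon
# will launch at logon.
STOCK_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}


def classify(event):
    """Return the report signature names that one Event ID 13 record triggers."""
    if event.get("EventID") != 13:
        return []
    target = event["TargetObject"]
    hits = []
    if POLICY_RUN.search(target):
        hits.append("Adds policy Run key to start application")
    elif RUN_KEY.search(target):
        hits.append("Adds Run key to start application")
    m = WINLOGON.search(target)
    if m:
        value = m.group(1).lower()
        # Winlogon values are comma-separated program lists; drop empties from trailing commas.
        entries = {e.strip().lower() for e in event["Details"].split(",") if e.strip()}
        if not entries <= STOCK_WINLOGON.get(value, set()):
            hits.append("Modifies WinLogon")
    return hits


def triage(events):
    """Group triggered signatures by the process image that performed the write."""
    findings = {}
    for ev in events:
        for sig in classify(ev):
            findings.setdefault(ev["Image"], set()).add(sig)
    return findings


if __name__ == "__main__":
    for image, sigs in triage(SAMPLE_EVENTS).items():
        print(image)
        for sig in sorted(sigs):
            print("  -", sig)
```

The geofence signature ("Checks computer location settings") does not appear here on purpose: Sysmon logs registry creates, sets and deletes, not reads, so a lookup of the configured country code needs API-level telemetry (for example an EDR hooking the relevant registry or locale APIs) rather than Event ID 13. Likewise, the dropped-EXE and dropped-DLL signatures map to Sysmon Event ID 11 (FileCreate) followed by Event ID 1 or 7, and SetThreadContext abuse is best caught at the API level.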