Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    0982f497a252dc1c7ce68667ccb8c239_JaffaCakes118

  • Size

    25KB

  • Sample

    241002-h5pbpaxelc

  • MD5

    0982f497a252dc1c7ce68667ccb8c239

  • SHA1

    365d5e6180f6afedf02763e3e9e6a82f86e79cec

  • SHA256

    f28b8bcbffe40a4236a317a5ead1988b1fdec74df5f9fbb3725d7b88a1aaba8b

  • SHA512

    2a9bf536e250744872111d6a026c779db4dee417a01cb552129f1ae77e92bdb8746e9b0735f8062d97818eaf29f85d2719c4f648d2140e8961094d09cb4b259f

  • SSDEEP

    384:qxi2JktIDnFpccpEsAiaaB7hfO58vJrF1rJ5q9B/Jz9RYS1uHnldkeqvLNFv:R2JOIDnFp2MB7I25jrJA/x9PuHnKvL

Malware Config

Targets

    • Target

      0982f497a252dc1c7ce68667ccb8c239_JaffaCakes118

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks