General

  • Target

    0961737a83eb09be3ae6d2facf66585b_JaffaCakes118

  • Size

    163KB

  • Sample

    241002-hhtynascnr

  • MD5

    0961737a83eb09be3ae6d2facf66585b

  • SHA1

    a173534e27843fda1d43770e145d157cbe35f911

  • SHA256

    68fa0f7a449e7df16b57ebd727ce1081c81a1a4d6980a680e03f730b4836d44b

  • SHA512

    47e2a21b31a3ebf26be791374d38bbff1605e707965ab3dcdc935b9c07d7d9d5604207441c802fc8e55ad8cb3de1265a1b1dc93e8bd77c002fe948d1cbe377ae

  • SSDEEP

    3072:R5Qs1OAoJgp6z22G/wTa7lDyr/vzq2/P2I1k3U+BTNLIK1yZj73833xWfZ:RNcgg24el2bvO2/P2jTNLIyyZ8O

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
