General

  • Target

    0becd7229571e379239db1960b2b715a_JaffaCakes118

  • Size

    104KB

  • Sample

    241002-wsetdazdjp

  • MD5

    0becd7229571e379239db1960b2b715a

  • SHA1

    1fb6afe653d73f27a06f78da8da03de5c3612914

  • SHA256

    ea688ec83f98b87c8ca333e62a01761626f9fceaf2e56dd6358087d38a4505b3

  • SHA512

    caee10a9a43f27bbcfc1baee63df3c74d22091468520e78043515c2d6208ecc60c4b35eb3bb64ec6cd19b464f7a9e6e54f3fb11e9599728ab67b4948e3647386

  • SSDEEP

    3072:uetDOSpgJremwXSAvNdH1w4IqeolDHXOMxiU:2Spgxem/4NbTIq9D3Vxi

Targets

    • Target

      0becd7229571e379239db1960b2b715a_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
