General

  • Target

    0edb9a52b427455acdb77e1c4e851cbc_JaffaCakes118

  • Size

    17KB

  • Sample

    241003-kwer1ayckd

  • MD5

    0edb9a52b427455acdb77e1c4e851cbc

  • SHA1

    1d4dd5431ce38a520241c55b44a9fff86ae67f75

  • SHA256

    45ec34cc6799fa732287baf5753102f6e175b12deffcdbc20d388e70a2468d82

  • SHA512

    c93c1d4963114c38a84a9178ff2109148b39e93640cc8f5a16678be8eca79dd277526fbc80b01aeffa73c0f77c5426cad02d6d8b80a08e9a61a4d72bbc2c1b95

  • SSDEEP

    384:WFMe4yLm91cmZO2Zp+Nye8pqrmub8TyztsDN:WemmLoKK8o8TyJc

Malware Config

Targets

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
