General

  • Target

    1113545d1698c9739abfaafeee18e793_JaffaCakes118

  • Size

    75KB

  • Sample

    241004-aq6cnavbrn

  • MD5

    1113545d1698c9739abfaafeee18e793

  • SHA1

    a1759d9aa0173295179da8c0c3da31759600444f

  • SHA256

    ba35311af13c6b3ef2f6c88719c0b749d46d8b67f4816f19b2c408320643702f

  • SHA512

    eab1fbb738980991aff3a0451de12882959e5dca637662ae2679ad92836f45fdc3c4cd397df41d9817550aa31df50f6d00ccc23e8a954bc58b34ec1a5900e75d

  • SSDEEP

    768:+DovwCsOCNR/ERVoDQGXCTQcrRTeKbRJzN0drsT92Aki51/5ysTfWlA32GWFFAW2:RvwtM3XRd3NErsR2GysT8AIppDVu

Malware Config

Targets

    • Target

      1113545d1698c9739abfaafeee18e793_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check that decides whether to run based on the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
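The five behaviour signatures listed above, expressed as a detection pass over a sandbox API trace. This is an added example, not part of the tria.ge report and not Triage's own signature engine. The trace format (pipe-separated `event|pid|detail` lines) and the sample lines are constructed for illustration, and the registry paths it treats as a location lookup (`HKCU\Control Panel\International\...`) are an assumption, since the report only says the country code is read from the registry.

```python
"""Map a sandbox API/registry trace onto the behaviour signatures above.

Added example; not part of the tria.ge report or Triage's signature code.
Trace format and SAMPLE_TRACE are constructed. The registry values a geofence
check reads are an assumption (the report only says "configured in the
registry"); the other rules follow the signature names literally.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed trace in the shape: event|pid|detail (backslashes doubled for Python)
SAMPLE_TRACE = """\
RegQueryValue|1804|HKCU\\Control Panel\\International\\sCountry
RegQueryValue|1804|HKCU\\Control Panel\\International\\Locale
FileWrite|1804|C:\\Users\\Admin\\AppData\\Local\\Temp\\svc.exe
FileWrite|1804|C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll
CreateProcess|1804|C:\\Users\\Admin\\AppData\\Local\\Temp\\svc.exe
LoadLibrary|2212|C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll
RegSetValue|2212|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc
NtSetContextThread|2212|tid=2216
"""

# Assumed location: the per-user international settings key.
GEOFENCE_RE = re.compile(r"\\Control Panel\\International\\", re.IGNORECASE)
# Classic autostart locations (Run and RunOnce under either hive).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# User-mode and native entry points that rewrite a thread's register context.
THREAD_CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}


def parse_trace(trace: str) -> list[tuple[str, int, str]]:
    """Split the constructed trace into (event, pid, detail) tuples."""
    events = []
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        event, pid, detail = line.split("|", 2)
        events.append((event, int(pid), detail))
    return events


def match_signatures(trace: str) -> dict[str, list[str]]:
    """Return {signature name: [evidence lines]} for the signatures that fire.

    "Dropped" means the path was written earlier in the same trace, so a
    CreateProcess/LoadLibrary on it only counts after the FileWrite.
    """
    hits: dict[str, list[str]] = defaultdict(list)
    dropped: set[str] = set()
    for event, pid, detail in parse_trace(trace):
        where = f"pid {pid}: {event} {detail}"
        path = detail.lower()
        if event == "FileWrite":
            dropped.add(path)
        elif event == "RegQueryValue" and GEOFENCE_RE.search(detail):
            hits["Checks computer location settings"].append(where)
        elif event == "CreateProcess" and path in dropped and path.endswith(".exe"):
            hits["Executes dropped EXE"].append(where)
        elif event == "LoadLibrary" and path in dropped and path.endswith(".dll"):
            hits["Loads dropped DLL"].append(where)
        elif event == "RegSetValue" and RUN_KEY_RE.search(detail):
            hits["Adds Run key to start application"].append(where)
        elif event in THREAD_CONTEXT_APIS:
            hits["Suspicious use of SetThreadContext"].append(where)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_TRACE).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The ordering rule matters in practice: a LoadLibrary of a path that was never written in the trace is a normal DLL load, not "Loads dropped DLL", and a SetThreadContext on its own is only suspicious in combination with the drop-and-execute chain that precedes it here.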

MITRE ATT&CK Enterprise v15

Tasks