General

  • Target

    11b8ed7818b874e5ee7a1d1694637023_JaffaCakes118

  • Size

    132KB

  • Sample

    241004-ee5dfashmk

  • MD5

    11b8ed7818b874e5ee7a1d1694637023

  • SHA1

    c0bad45eb3f7b222146283d9b846977f8575a88b

  • SHA256

    ca334a40d33507790776983aed820a0ea3d9e0fcddddd5024efd39e16cd7b4f6

  • SHA512

    34d9aef98867f984f0dbc81b4e5ed99f4be769c3484f5e6c07046884c5291aecb4555791153307741c5b69fb11b298508ddfd9952d976435a7fceca9a1b2f222

  • SSDEEP

    3072:Z+Fi+VjV3lj/HeWVbrzQ7ITkD2TLjvaw5D8:j+VVRa2r

Malware Config

Targets

    • Target

      11b8ed7818b874e5ee7a1d1694637023_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks