Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    126978bf2654bd4cd5320de025e34ee7_JaffaCakes118

  • Size

    968KB

  • Sample

    241004-jdjgsswbjb

  • MD5

    126978bf2654bd4cd5320de025e34ee7

  • SHA1

    89f3ae11375e23502eff74ebcdba13152186cc04

  • SHA256

    d396afe03cd67614bec52a820072d6b46a6eb1e437d85fc3ebc90f7c8f1fa4e9

  • SHA512

    de5d80eff72875d47a9a5c785ebe2eb555156c845c4d31ad07d7048fc10d664d466ada3f01bf87838e258d1b365b2f7c3d7a2064a1f82e123fc60bedc0db684d

  • SSDEEP

    24576:eaHMv6CorjqnyC8HFsj9dHHlUKh5Wgbuss5:e1vqjdC8HFczHFUmxbuss5

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
