General

  • Target: 12a8a8c0b4265d1aebe11a5611718db9_JaffaCakes118

  • Size: 463KB

  • Sample: 241004-ksmnfavdqk

  • MD5: 12a8a8c0b4265d1aebe11a5611718db9

  • SHA1: fad19cb273b1c6b5726924b8fb5949aa19b8309f

  • SHA256: c73137fd1f2945fb1effcb951a865070700fc2c7f6b646ee7532394134e59e95

  • SHA512: 6fab602d6342875ca7d26b2760792cbe59525ada8f0cdc463a2202f7301ed277b2f4266f0742fe1934786f6d050d9ade1c33a86947ce643b7077355471c8aa4a

  • SSDEEP: 12288:NGz/+QqOwRKpf9EN1GVBS6UQySZZEs8wSvn:2+6RlKjHQySZh8wI

Malware Config

Targets

    • Target: NODKeygen.exe

    • Size: 603KB

    • MD5: 6b27da644353449db17f11c719d41faa

    • SHA1: cb77bf1827298e3c1d6f990b6bcac2dbaaaf26d3

    • SHA256: 3984476ed5d3e9eb74667e766a1785800ffd78e0088608dd54950fa31460b2e0

    • SHA512: 3fd7c521e9f615675f7e70c4e39d794b537a7a48c15e74dd73abb14c309da66a1802574d588f26b94b9cc5e3c5ea390977346162ebcb0709045ffeb1eb41387f

    • SSDEEP: 12288:I47B6s5kmIpMvdznMoB+SbPDn1OHnrCxc9eDQbd4laK:7pesdMoB+GncgdsbiaK

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks