General

  • Target

    145496abaebd8c7fa375699c15a22f5d_JaffaCakes118

  • Size

    147KB

  • Sample

    241004-waytja1hjd

  • MD5

    145496abaebd8c7fa375699c15a22f5d

  • SHA1

    285a92079da710f43c1824e30285b631564bdef3

  • SHA256

    1e7e4fd69977aa3ea2edb53e26bfc211d0f05f5c64cbd6b42a441d32748b4d0b

  • SHA512

    aad36b531939b888f87bc0a7ca5b15fa27c8ebb6331ad0a3854b472cd082ab4cba4a9ea0d9db7d085c9c598244b2c42a1a4e01f29e92e5751db22089420f8a1d

  • SSDEEP

    3072:F5F53F795uW3qol65oKqJSNmt2o7duyJH5tAGbIF9mz:Dj5uOlSotSNw3LOG

Targets

    • Target

      145496abaebd8c7fa375699c15a22f5d_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
