General

  • Target

    2abc54b6e60ce6150710266937592b6c_JaffaCakes118

  • Size

    200KB

  • Sample

    241009-ezch6azgka

  • MD5

    2abc54b6e60ce6150710266937592b6c

  • SHA1

    c65d5fb77f4cad3ed30203bbf869f1d912bb203e

  • SHA256

    0a28563e46f6a996870b3a452fc15959ca156ed11d39c8a5599dea17c005cdc2

  • SHA512

    8de741ed6a95aa4c0cfffa762b40f73ab1856b394d5ff75957def51b5ff7a0e4a396c9d7b347cd1150fa10c8df6109caac71dbec1e1104cd943b03e8cebfd359

  • SSDEEP

    6144:nFn9D7/p5/JpbqLGKTxRAYtUUMkRSJ91dL:x9D7/p5/JsisxRAJjaSb1h

Targets

    • Target

      2abc54b6e60ce6150710266937592b6c_JaffaCakes118

    • Executes dropped EXE

      An executable that the sample wrote to disk during analysis was then run.

    • Loads dropped DLL

      A DLL that the sample wrote to disk during analysis was loaded into a process.

    • Adds Run key to start application

      Writes a value under a Run registry key so the application is started at logon; a standard persistence mechanism.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Reads disk information from the registry. This is often done to detect sandboxing environments, so treat it as an evasion indicator rather than as evidence of data collection.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects the execution of another thread; it is commonly used in process hollowing and other code-injection techniques.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant. The signature describes the packer, not the payload, so unpack before static analysis.
