General
Target: 2d814564ff4574bd423496bdd6105c24_JaffaCakes118
Size: 151KB
Sample: 241009-jnzxjazemc
MD5: 2d814564ff4574bd423496bdd6105c24
SHA1: 235d0914151a37b46178279f4793fc52acad2cfb
SHA256: ac24889f515b094fdf81f3d0144fb97357484a5b01bd65ac3e4b68c34b7c28c2
SHA512: 7d1fe28a802738c1a5b212f338d8c8f41b449144e083dac28439225f46edd69d6e24944da7749f9aec968165585200a1188c6d5bec4e63fc5806158a3535ec80
SSDEEP: 3072:tAsj8MBX8s0oXJB/sOea7NSnQLz0ZW5DRJCMs3onqr55w3jFTDGW3U:tAsBZjsOunGzL5s/rzwzNDGW3U
Static task: static1

Behavioral task: behavioral1
  Sample: 2d814564ff4574bd423496bdd6105c24_JaffaCakes118.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 2d814564ff4574bd423496bdd6105c24_JaffaCakes118.exe
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240708-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20241007-en

Behavioral task: behavioral5
  Sample: demulsifier.dll
  Resource: win7-20240729-en

Behavioral task: behavioral6
  Sample: demulsifier.dll
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 2d814564ff4574bd423496bdd6105c24_JaffaCakes118
Size: 151KB
Signatures:
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 883eff06ac96966270731e4e22817e11
SHA1: 523c87c98236cbc04430e87ec19b977595092ac8
SHA256: 44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
SHA512: 60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
SSDEEP: 96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u
Score: 3/10
Target: demulsifier.dll
Size: 48KB
MD5: 0f7f8bae2118868084d406681891e516
SHA1: 85c617dda6681684fc43b072d19b84c5814202ae
SHA256: 673c5ad011a6b210b5be729f58ec096133db23d09ee29ab8006dd04e0f107321
SHA512: 8b30135f51b8b36f24d0170d615610ce8a5c82d0520b16662e2aa9711074996812f57bb9a6d7202c626f6484c82cb72b3467d469cd395423dd9aa21b6dcc24aa
SSDEEP: 768:qUQwWHkeTKfAq89CyPdPP+pgIG/8oiK5Dv:TokeTKfm9dP8vRoR
Score: 3/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Defense Evasion
  Direct Volume Access: 1
  Indicator Removal: 2
    File Deletion: 2
  Modify Registry: 1