Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3805ed8a271ce1e3eb9c80ce61945ede_JaffaCakes118

  • Size

    3.9MB

  • Sample

    241012-cy1s9axgje

  • MD5

    3805ed8a271ce1e3eb9c80ce61945ede

  • SHA1

    80e33752670474d84478a62d0dd50e8f5d051ffc

  • SHA256

    32f5183395c20856fa10399da6d5dde99135507b4125a7b2c0b957e9de37d8c1

  • SHA512

    20a9e9f49369c97e195948b214955971e8f42356892f465e0edd72aaa778af6e9ba93a1ef53516321cba64fb0d7536d2d646a0abbe944e12106ebf585cfcabe3

  • SSDEEP

    98304:waE9LOk6Nx4J8PG2cNS2fnzvWUvJYvtlyGviSJNIvB6j:ueH4J8Pi4onLWHLygHHj

Malware Config

Targets

    • Target

      3805ed8a271ce1e3eb9c80ce61945ede_JaffaCakes118

    • Size

      3.9MB

    • MD5

      3805ed8a271ce1e3eb9c80ce61945ede

    • SHA1

      80e33752670474d84478a62d0dd50e8f5d051ffc

    • SHA256

      32f5183395c20856fa10399da6d5dde99135507b4125a7b2c0b957e9de37d8c1

    • SHA512

      20a9e9f49369c97e195948b214955971e8f42356892f465e0edd72aaa778af6e9ba93a1ef53516321cba64fb0d7536d2d646a0abbe944e12106ebf585cfcabe3

    • SSDEEP

      98304:waE9LOk6Nx4J8PG2cNS2fnzvWUvJYvtlyGviSJNIvB6j:ueH4J8Pi4onLWHLygHHj

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks