General

  • Target: 3f0925c1fd8aaefdf93df7ba8f303f44_JaffaCakes118
  • Size: 177KB
  • Sample: 241013-lafb3syfng
  • MD5: 3f0925c1fd8aaefdf93df7ba8f303f44
  • SHA1: a3eeec9bf477d757ef7ae440d8271ba3d47cee3f
  • SHA256: 0c8f60fd860bae0ddb4fcf9c5c1f42aee00a3f89fc69a1a7d188ef3edbcb6601
  • SHA512: 3e70c06089b30fa8f872ebb6c0a4ded1e375e2468ee58cdd5a8590d4d67c05cd699e1c69127fec7483d1aac5be78ef607b32c5e444c415fa0f4b842b96477f4b
  • SSDEEP: 3072:J2JPSziqoylUumgeNoDFbQgvuBisXjQIsE66OIT26L8Tz6YAIbKWPikObX7G+uoY:YeXlwgeNkUgGBxXJeI/L8SWPiJYn

Targets

  • Deletes itself
  • Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  • Executes dropped EXE
  • Loads dropped DLL
  • Unexpected DNS network traffic destination
    Network traffic to servers other than the configured DNS servers was detected on the DNS port.
  • Drops desktop.ini file(s)
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15