General

  • Target

    438fee4986d75c2fb9a1f9239010f8ca_JaffaCakes118

  • Size

    698KB

  • Sample

    241014-wyt59atamj

  • MD5

    438fee4986d75c2fb9a1f9239010f8ca

  • SHA1

    c29e54756f10517557349c0bdb573d7847e00429

  • SHA256

    4edebdad5db6686b6d2310bac908929c40bb126f0d67bc6251207c397b23e0c7

  • SHA512

    ea6fd27158a95f167074548200aef75cb0089c47ac9a21a074374bd082f3d44ae4e21baa490cb1869351010b8e11f7815f44c7d4bd89b26e8296aa4dd55d8598

  • SSDEEP

    12288:pQyHYh6UeeLrQp0/XoU8bTRsdi9JSZPLGhX9H1QO7l4n2A1muOhsXL:pQ6UeeLkMB8bTRskSjeXh+Ok7OhY

Malware Config

Targets

    • CTB-Locker

      Ransomware family which uses Tor to hide its C2 communications.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks