General

  • Target

    464d0df40e812b559193270a015096de_JaffaCakes118

  • Size

    228KB

  • Sample

    241015-hd1kmszepf

  • MD5

    464d0df40e812b559193270a015096de

  • SHA1

    c99b6aef26c3d2dbb757ae9f059ccfa94e60908a

  • SHA256

    013d9902e74c6a2e2c9830361d00dca773bf28e5db7f22eb5618b02e2ffcb646

  • SHA512

    f1dc26eda36d83fa633c0671695ae033438dd17e878321c0aedb0189bafcec9e297578ee24507937d5e97a8b268b1ef93ee86d9781d0ad3149da88f1003035d0

  • SSDEEP

    6144:GclnqLykWN4Sl52tIbWeA+Slppx7wVANJmc:GAnqLybcIytPw

Score
7/10

Malware Config

Targets

    • Target

      464d0df40e812b559193270a015096de_JaffaCakes118

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
