General

  • Target

    4bc47294a5d7f790900cedb1abba6688_JaffaCakes118

  • Size

    1.8MB

  • Sample

    241016-halmba1gqk

  • MD5

    4bc47294a5d7f790900cedb1abba6688

  • SHA1

    833ee01e0190a9e719d8ec4d67796bd36c4c413a

  • SHA256

    592b79997bcf90f34659af497ca305e2339422fbdde10988feaf4abc8edde321

  • SHA512

    3325f8e465c11371a486edc0a68a1a972f8faf6c33181a6f0d0b83e60dbe96f2a8ba95080ede8eaa82070e264a44a9804b1cfbee2bc66beb7fe9f6a1533908f8

  • SSDEEP

    49152:7sINvYk7Da5PSowkzsINvYk7Da5PSowk:JYaa5PvhYaa5Pv

Malware Config

Targets

    • Renames multiple (439) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks