General

  • Target

    54bad7675362b1b59ad5edaa2113475e_JaffaCakes118

  • Size

    141KB

  • Sample

    241018-bwn61aybqe

  • MD5

    54bad7675362b1b59ad5edaa2113475e

  • SHA1

    97fdf873cea7e672d65a724864c1a4ae1e9c649f

  • SHA256

    c046cbe4dd3b999dd743bd5f4f4c348e3f5b00d2d68967658f0fe7d02fd718ae

  • SHA512

    752163850b01ea273b541b9c79e2fbe18e42a840b0d783dee273acc2693e8ebe778248c69e86aea0e81496101dd964dbb1e002ea8c42606f934031d5d2bac47e

  • SSDEEP

    3072:VbMbpgI5yHylBM6dEPyxwUHWzyhpNPOmQb9OAbCw4outy:VbMbpgIgHeBHdEPyxwZypNdQQAbCw4oS

Targets

    • Modifies WinLogon for persistence

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used for geofencing (running or not running depending on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
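A practitioner working from this report usually wants two things: to confirm that a file on disk is the exact sample the report describes (by comparing the hashes listed above), and to reproduce the cheapest of the listed signatures, the UPX check, without a sandbox. The script below is an added example, not tria.ge's code or its detection logic. It takes the MD5/SHA1/SHA256/SHA512 values from the report as-is and parses just enough of the PE header to read section names, flagging the `UPX0`/`UPX1` names that stock UPX writes (a modified packer may rename them, so a negative result is not proof of an unpacked file). Because the real sample is not on this page, the block builds a constructed, minimal PE-shaped byte string to exercise the parser; `build_fake_pe` and the section layout it emits are this example's own assumptions.

```python
import hashlib
import struct

# Hashes copied from the tria.ge report for sample 241018-bwn61aybqe.
REPORT_HASHES = {
    "md5": "54bad7675362b1b59ad5edaa2113475e",
    "sha1": "97fdf873cea7e672d65a724864c1a4ae1e9c649f",
    "sha256": "c046cbe4dd3b999dd743bd5f4f4c348e3f5b00d2d68967658f0fe7d02fd718ae",
    "sha512": "752163850b01ea273b541b9c79e2fbe18e42a840b0d783dee273acc2693e8ebe"
              "778248c69e86aea0e81496101dd964dbb1e002ea8c42606f934031d5d2bac47e",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm True/False: does this file match the report's sample?"""
    computed = hash_bytes(data)
    return {name: computed[name] == expected for name, expected in REPORT_HASHES.items()}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if it is not a PE.

    Only the DOS stub pointer, the PE signature, the COFF header and the
    section table are parsed; the optional header is skipped by its size.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt  # COFF header is 20 bytes
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]  # IMAGE_SECTION_HEADER is 40 bytes
        if len(raw) < 8:
            break  # truncated section table: stop rather than read garbage
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (UPX2 for resources)."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names, size_opt: int = 0) -> bytes:
    """Constructed test input (assumption of this example): a minimal byte
    string with an MZ header, PE signature, COFF header and section table.
    It is not loadable, only parseable."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * size_opt + sections


if __name__ == "__main__":
    import sys
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("hash match:", matches_report(sample))
    print("sections:", pe_section_names(sample))
    print("UPX-style sections:", looks_upx_packed(sample))
```

Run it as `python triage_check.py <file>` against a suspected copy of the sample; all four entries of `matches_report` should be True for the file this report describes, and a SHA256 match alone is sufficient in practice. The SSDEEP value on the page (block size 3072) is the one to use for near-duplicate hunting and is deliberately not recomputed here, since it needs the ssdeep library. For the registry-side signatures (Winlogon and Run-key persistence), the places to inspect on an affected host are the `Shell` and `Userinit` values under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` and the `Run` keys under `HKCU`/`HKLM\Software\Microsoft\Windows\CurrentVersion`; the report does not state which specific values this sample writes.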

MITRE ATT&CK Enterprise v15