General

  • Target

    63e66d289d9d10f1f9450117bb61e7ae_JaffaCakes118

  • Size

    212KB

  • Sample

    241020-x4mtssxfml

  • MD5

    63e66d289d9d10f1f9450117bb61e7ae

  • SHA1

    341bb970757111f6198ea8b1f6c3a87333c81a61

  • SHA256

    e97c683d4076b707e0ca68f3d7a50e71b908d2109f782248f2d79dba4adbdaff

  • SHA512

    ed8cc5d753daac40192719f6cf4eeb7dbb163c4921fb5ea9fd3cfe626c038e6dcaafdd98a7f48ec636699616bfa672a6ee3f00b85120825adac1d46c2a9c3bbb

  • SSDEEP

    3072:u50IRfdDJ2FoFipGBn2aTJfXkLNqS1h5ugGz7FNYxLia1FjdSPyaeivQWJtbOSB:S0IROqZJf0LkdFmhB5aeI

Malware Config

Targets

    • Renames multiple (177) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks