General

  • Target

    64f4a2b0cf7e27efb6b60a7936d75c3d_JaffaCakes118

  • Size

    183KB

  • Sample

    241021-a8nwbssajj

  • MD5

    64f4a2b0cf7e27efb6b60a7936d75c3d

  • SHA1

    7e8cf3dbf39e40784c468d9f5ffb638a5b4928c1

  • SHA256

    f4ec1f1396f7e0190ba91786ece7948755a91dc40ad9d02119eb73f5dfd84cbc

  • SHA512

    9893566a1eadda85dc3e7b7e3570866ad26fec0a8011bbdd6ca18d0fbea8305cac7904b32684a63a3d2384eb8e73d3f25752b0efcab4c0e7377c5203cf7a6404

  • SSDEEP

    3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJn:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWh

Malware Config

Targets

    • Target

      64f4a2b0cf7e27efb6b60a7936d75c3d_JaffaCakes118

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This is characteristic of ransomware encrypting files across the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks