General

  • Target

    652bacadd719906071500b95bf6947ad_JaffaCakes118

  • Size

    9.7MB

  • Sample

    241021-ch22datbkh

  • MD5

    652bacadd719906071500b95bf6947ad

  • SHA1

    c4b13ca2134bfb18c7f4f4022b8119df7bf7553c

  • SHA256

    f350b95c6fe0c80a9fb98bf9affff997c1a10176bb7b5205df156e4459abac16

  • SHA512

    757033b9ab70f3aa2c5cd1e7f87dfcd3b354b6feaad39e09f1893ebcd287a0cbf58c096845c9a7eb4e7dd5a5c1981daf583198c8c5d3b3d4c0b4e047c7c44dce

  • SSDEEP

    98304:DE2di03CIMzKpXOMGQYdu9IMzKpXOMGQv:Dnw0SI2lyx9I2lyv

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks