General

  • Target

    6539197a29fff68a9994a5033b2c9f1f_JaffaCakes118

  • Size

    5.9MB

  • Sample

    241021-cx3w8atfmd

  • MD5

    6539197a29fff68a9994a5033b2c9f1f

  • SHA1

    16fe159aec3d5733cf3f259b0377f7aae9560c5b

  • SHA256

    03f9c797999fb477a2960b40e5b1493c7ee43b9187014123e02b70308819a2d9

  • SHA512

    fb21b0ec07fb6ff04773af02b1402cb16450948aa2e4d513e330c5b7fdb80846c1b4773db31b6b0aeba7fbeaa02f17838dacdb255f09acef5f749bbeb387d656

  • SSDEEP

    6144:ZiMmXRH6pXfSb0ceR/VFAHh1kgcs0HWHkyApOhP/SgljwRwdX/1H9kM2AfQ2C4e4:zMMpXKb0hNGh1kG0HWNAuCsltHti0r

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
