General

  • Target

    766b480c4a1085af5347523515f669d3_JaffaCakes118

  • Size

    419KB

  • Sample

    241027-24cfaaslew

  • MD5

    766b480c4a1085af5347523515f669d3

  • SHA1

    26ae6b67867bbdaee768e291925be9143180ab27

  • SHA256

    6220254a483490457d642915b097bd5834a0a6bf432e1af660d37fb78112f9d6

  • SHA512

    3c362578c690b147aa9e5b92c9520bbc7e68b3d87059a2d57248867e06c0a4645da46a5b35b7b03cd8abec3a64756966a0bf18a6e28b3ef0d00ec61007514f88

  • SSDEEP

    6144:ppMMVVbsmffOHMUxwPtZPFvNtCbEV1c8FULI0PHBWN0tNcl4rTH4:UtmfsMlPtZJngucZRPHBWN0bclR

Malware Config

Targets

    • Contacts a large number (1446) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks