General
- Target: c5c9cc18ecfdf1dd5e77163539206ce1_JaffaCakes118
- Size: 168KB
- Sample: 241205-ehjwxaxpct
- MD5: c5c9cc18ecfdf1dd5e77163539206ce1
- SHA1: 4a15c7813fc60e06047205515901bb89094b3a4a
- SHA256: 7bc761e7341be0a72eb4d4afff7cc1970c46cec2cf5851949b363626d04e2d22
- SHA512: 69f8ae1277c42a0b12685e2d84cb73b5e90f3411af40fbad003d774fd4529fd414a5e2f5b8ec177ab9b5a4d6f42089ecb91e7401c9779a481d7ed7fbc24b9744
- SSDEEP: 3072:Xh7IT11ifB55719lbskv2V2U1+8uEqWzv1VDCtwwTK4oYC86IGVP1QTjT:611iflBbLQ9FqWzdV2bTK4oZxIIP1QTH
Static task
- static1

Behavioral task
- behavioral1
  - Sample: c5c9cc18ecfdf1dd5e77163539206ce1_JaffaCakes118.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: c5c9cc18ecfdf1dd5e77163539206ce1_JaffaCakes118.exe
  - Resource: win10v2004-20241007-en

Malware Config
- Extracted: metasploit
- Encoder: encoder/call4_dword_xor
Targets
- Target: c5c9cc18ecfdf1dd5e77163539206ce1_JaffaCakes118
- Size: 168KB
- MD5: c5c9cc18ecfdf1dd5e77163539206ce1
- SHA1: 4a15c7813fc60e06047205515901bb89094b3a4a
- SHA256: 7bc761e7341be0a72eb4d4afff7cc1970c46cec2cf5851949b363626d04e2d22
- SHA512: 69f8ae1277c42a0b12685e2d84cb73b5e90f3411af40fbad003d774fd4529fd414a5e2f5b8ec177ab9b5a4d6f42089ecb91e7401c9779a481d7ed7fbc24b9744
- SSDEEP: 3072:Xh7IT11ifB55719lbskv2V2U1+8uEqWzv1VDCtwwTK4oYC86IGVP1QTjT:611iflBbLQ9FqWzdV2bTK4oZxIIP1QTH
- Score: 10/10

Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext