General

  • Target

    c7887a7bb7e672192a58ef5d6f985932_JaffaCakes118

  • Size

    272KB

  • Sample

    241205-nv4xaasqhy

  • MD5

    c7887a7bb7e672192a58ef5d6f985932

  • SHA1

    b9fb0daeed88638b7a965449bf0b9f01df35efd0

  • SHA256

    f6c3d193a281dc20507a1dfdfc45cf5292d59c385640c61daf6fb475786ae0dd

  • SHA512

    d4af49290ca8fb9329bd940461c855f4172c4e7ebc6ef2092091663ac6fffc5e427346d2c4671217e8f98bc1e542e298c198752cb8a0011e1226ab68f9019b89

  • SSDEEP

    6144:wjlNv3g5OnD/ajNFB9FgXYhSEw6rfyxIXzuJhoiH:qlNvQ5OjajNFBzgXstXqGi

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      c7887a7bb7e672192a58ef5d6f985932_JaffaCakes118

    • Modifies firewall policy service

    • Adds Run key to start application

    • Drops file in System32 directory
