General

  • Target

    e351522713d034a97167b1da22a75fa1_JaffaCakes118

  • Size

    146KB

  • Sample

    241211-1fep3atmej

  • MD5

    e351522713d034a97167b1da22a75fa1

  • SHA1

    8d44f2f36d6c11a71cb1a58db3b5297e2dbbf78e

  • SHA256

    f140f371d170381886a1870bfa000ea336ea270ca3c9de09886127cecd2f0705

  • SHA512

    1e0cef960b024263b71168b2f3d356821e39869853fb93c6e75ef9191135957dff8e8e0c0a862520791f35d56444d42b33b1d8619a5504685dfc35cfa104799b

  • SSDEEP

    3072:Rlk6bOFssBemmmEZ0VjLgWY00V/47bDW6PPT1/jvWMNrU5:zk9cmmmCmYj4S6xjuSrU5

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      e351522713d034a97167b1da22a75fa1_JaffaCakes118

    • Size

      146KB

    • MD5

      e351522713d034a97167b1da22a75fa1

    • SHA1

      8d44f2f36d6c11a71cb1a58db3b5297e2dbbf78e

    • SHA256

      f140f371d170381886a1870bfa000ea336ea270ca3c9de09886127cecd2f0705

    • SHA512

      1e0cef960b024263b71168b2f3d356821e39869853fb93c6e75ef9191135957dff8e8e0c0a862520791f35d56444d42b33b1d8619a5504685dfc35cfa104799b

    • SSDEEP

      3072:Rlk6bOFssBemmmEZ0VjLgWY00V/47bDW6PPT1/jvWMNrU5:zk9cmmmCmYj4S6xjuSrU5

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks