Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dfa803a29834487e105f930fad10c23d_JaffaCakes118
-
Size
3.4MB
-
Sample
241211-dm86xstlft
-
MD5
dfa803a29834487e105f930fad10c23d
-
SHA1
1fa51145720a89bb99376526f028b17403bbfbfd
-
SHA256
59a6eb8c43091110344325fa1ade46533930732c90e60cecdf55dc4719453eab
-
SHA512
78cd701a44e19074ce2a6eff0af5b247b2a990bfaa14f2ca600ac153f45ee1078c23d27b6a3fb7d12f49737b14f38ebb4419235144674ffcb9bea3553c153805
-
SSDEEP
49152:67N1ahCX0V7N1ahC60V7N1ahCJ0V7N1ahCm0V7N1ahCV:67a7H787z7V
Malware Config
Targets
-
-
Target
dfa803a29834487e105f930fad10c23d_JaffaCakes118
-
Size
3.4MB
-
MD5
dfa803a29834487e105f930fad10c23d
-
SHA1
1fa51145720a89bb99376526f028b17403bbfbfd
-
SHA256
59a6eb8c43091110344325fa1ade46533930732c90e60cecdf55dc4719453eab
-
SHA512
78cd701a44e19074ce2a6eff0af5b247b2a990bfaa14f2ca600ac153f45ee1078c23d27b6a3fb7d12f49737b14f38ebb4419235144674ffcb9bea3553c153805
-
SSDEEP
49152:67N1ahCX0V7N1ahC60V7N1ahCJ0V7N1ahCm0V7N1ahCV:67a7H787z7V
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
Fakeav family
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1