
General

  • Target

    dfa803a29834487e105f930fad10c23d_JaffaCakes118

  • Size

    3.4MB

  • Sample

    241211-dm86xstlft

  • MD5

    dfa803a29834487e105f930fad10c23d

  • SHA1

    1fa51145720a89bb99376526f028b17403bbfbfd

  • SHA256

    59a6eb8c43091110344325fa1ade46533930732c90e60cecdf55dc4719453eab

  • SHA512

    78cd701a44e19074ce2a6eff0af5b247b2a990bfaa14f2ca600ac153f45ee1078c23d27b6a3fb7d12f49737b14f38ebb4419235144674ffcb9bea3553c153805

  • SSDEEP

    49152:67N1ahCX0V7N1ahC60V7N1ahCJ0V7N1ahCm0V7N1ahCV:67a7H787z7V

Malware Config

Targets

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus, "scareware") is a class of malware that poses as a security product and displays fabricated infection alerts to pressure the victim into paying for a bogus licence or disabling real protections.

    • Fakeav family

    • FakeAV payload

    • Event Triggered Execution: Image File Execution Options Injection (T1546.012)

    • Checks computer location settings

      Reads the country code configured in the registry. This is most likely a geofence: the sample decides whether to run based on the victim machine's configured region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
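
The persistence and staging behaviours flagged above (an IFEO Debugger value, a Run key, and a file dropped under System32) are the ones a responder would want to confirm from endpoint telemetry. The Python below is an added example and is not part of the tria.ge report: it runs simple hunt rules over constructed Sysmon-style records (Event ID 13 RegistryEvent value-set and Event ID 11 FileCreate). The process names, file paths, registry value names and the debugged executable are all invented for illustration. The "Checks computer location settings" signature is a registry read, which Sysmon's RegistryEvent does not record, so it is outside what this example can detect.

```python
"""Hunt rules for the persistence behaviours listed in this report.

Added example, not code from the report or from tria.ge. Input is a list of
dicts modelled on Sysmon Event ID 13 (RegistryEvent: Value Set) and Event ID 11
(FileCreate); field names follow Sysmon's schema, values are constructed.
"""
import re
from typing import Dict, List

# Constructed sample telemetry. Every path, process and value name here is an
# assumption made for the example, not an artefact taken from the report.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "13",
     "Image": "C:\\Users\\admin\\AppData\\Local\\Temp\\sample.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\"
                     "Image File Execution Options\\msseces.exe\\Debugger",
     "Details": "svchost.exe"},
    {"EventID": "13",
     "Image": "C:\\Users\\admin\\AppData\\Local\\Temp\\sample.exe",
     "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityTool",
     "Details": "C:\\Users\\admin\\AppData\\Roaming\\SecurityTool.exe"},
    {"EventID": "11",
     "Image": "C:\\Users\\admin\\AppData\\Local\\Temp\\sample.exe",
     "TargetFilename": "C:\\Windows\\System32\\drivers\\sysdrv.sys"},
    # Benign noise: an OS binary writing under System32 and an Explorer tweak.
    {"EventID": "11",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetFilename": "C:\\Windows\\System32\\catroot2\\edb.log"},
    {"EventID": "13",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# A Debugger value under an IFEO subkey redirects execution of that program
# (ATT&CK T1546.012). Group 1 captures the hijacked executable name.
IFEO_RE = re.compile(r"\\Image File Execution Options\\([^\\]+)\\Debugger$", re.IGNORECASE)
# Run / RunOnce values start a program at logon (ATT&CK T1547.001).
RUN_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$",
                    re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)


def classify(event: Dict[str, str]):
    """Return a finding dict for a suspicious event, or None for noise."""
    image = event.get("Image", "")
    if event.get("EventID") == "13":
        target = event.get("TargetObject", "")
        m = IFEO_RE.search(target)
        if m:
            return {"signature": "Image File Execution Options Injection",
                    "technique": "T1546.012", "image": image,
                    "detail": f"{m.group(1)} -> Debugger={event.get('Details', '')}"}
        m = RUN_RE.search(target)
        if m:
            return {"signature": "Adds Run key to start application",
                    "technique": "T1547.001", "image": image,
                    "detail": f"{m.group(1)}\\{m.group(2)} -> {event.get('Details', '')}"}
    elif event.get("EventID") == "11":
        filename = event.get("TargetFilename", "")
        # Heuristic: only a writer that does not itself live under C:\Windows
        # dropping into System32 is interesting; OS components do this routinely.
        if SYSTEM32_RE.match(filename) and not image.lower().startswith("c:\\windows\\"):
            return {"signature": "Drops file in System32 directory",
                    "technique": None, "image": image, "detail": filename}
    return None


def hunt(events: List[Dict[str, str]]) -> List[dict]:
    """Apply classify() to every event, preserving input order."""
    return [f for f in (classify(e) for e in events) if f is not None]


def by_process(findings: List[dict]) -> Dict[str, List[str]]:
    """Group signature names per originating process for a quick triage view."""
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        grouped.setdefault(f["image"].lower(), []).append(f["signature"])
    return grouped


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['technique'] or 'n/a'}] {f['signature']}: {f['detail']}  ({f['image']})")
```

Run as-is, the script reports the three behaviours against the constructed sample.exe events and ignores the two benign records. The System32 rule is deliberately loose (it only filters out writers under C:\Windows); in production you would add signer checks or an allow-list of known installers rather than rely on path alone.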

MITRE ATT&CK Enterprise v15

Tasks
