General

  • Target: f4924470bccbb6876bc2dc951078f8cc_JaffaCakes118
  • Size: 60KB
  • Sample: 241215-spg8jsxrcw
  • MD5: f4924470bccbb6876bc2dc951078f8cc
  • SHA1: 7f5d342736eb9fbd462d7838d449e6c105ae5d4c
  • SHA256: 573eddb9b6bd8461992dd0249c292bdb145b4c43f132ae8ad0e8a118df5ed50e
  • SHA512: 145a8b59fb55abeecc633c01c20c4259231ac662139e89ad8cd8c03d71b562f2f3e676aa03d8500dd9feac8485cada2e4ee3d0111518d9261b8951fd46aad4af
  • SSDEEP: 768:HdaAz9JYLEoryFTFXlUGTFD5T3RUprmoPImfvhwxuJ13d53B:gAzEYxHlUGD5ormcuuj/3B

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Metasploit family
    • Adds policy Run key to start application
    • Executes dropped EXE
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks