General
Target: JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf
Size: 7KB
Sample: 241224-lgwyeatqak
MD5: 2d279b1ff24694aedac0940f3e297a71
SHA1: 983522f60204a435e0b05ee93608303c177a296d
SHA256: ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf
SHA512: 3948feaefed27971edf6d8f725a867b6975f54e9f9e183dfa8f61482303a300cb7910a920cf98ee5e7b65ef4e302f6da4b39d9a9a69cfd2b9c71af0cd1e9cde3
SSDEEP: 96:joRhn5eXGILYvLL8ervgBsM+PzzrDpoI1yF1dMFVBgDlBu3r77aC:UhnQlYvLL8e8GB9XN7BgHu37r
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf.vbs
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf.vbs
  Resource: win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
192.168.77.130:8080
Targets
Target: JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Metasploit family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE