General
- Target: JaffaCakes118_2c434fce48945d04ddc4be557f2ec286a80e73596e404a369ec91e89379a8d17
- Size: 117KB
- Sample: 241226-1bcd5s1mcl
- MD5: 04a315f29f763634fadf04e7372cef93
- SHA1: e69db444af947efaea4466c33011bf44d7b1fd94
- SHA256: 2c434fce48945d04ddc4be557f2ec286a80e73596e404a369ec91e89379a8d17
- SHA512: a15059d860a1005a10156817e77652108fd86eab82e5bcb35c2f9ab419ba497f7a1c425769f2bd6b4d26e13e1b56d2aaf2ac73da1d970644ff2d52d6045fa4f6
- SSDEEP: 3072:c95/q3oZYHEf0mC5WcvmPkd/WMyYv7x+w8:czy3KYHO0DkYYMPt+w8
Static task: static1

Behavioral task: behavioral1
- Sample: fed7c4e47ea734756b34a457fbb402ce63624e1c8bbe48441a9634f4130e022c.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: fed7c4e47ea734756b34a457fbb402ce63624e1c8bbe48441a9634f4130e022c.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: tofsee
- patmushta.info
- ovicrush.cn
Targets
- Target: fed7c4e47ea734756b34a457fbb402ce63624e1c8bbe48441a9634f4130e022c
- Size: 246KB
- MD5: 6bdec1b519e961a4d757be0541c6e343
- SHA1: fc1208a0eacf1e21f0199d7748292c8a5a114f0f
- SHA256: fed7c4e47ea734756b34a457fbb402ce63624e1c8bbe48441a9634f4130e022c
- SHA512: c9d4eb8560410d480b8724ca2ef8c9681ea849c65497ffb2b89884cab65265269d03fc2b434b77b5a2b64cd3eebdd8f8dde18334b9fbea3f5783cbb9972bf406
- SSDEEP: 3072:v036cBx3W3XK0mC5WcvmiK3dmXsxkgaBChhqLQV:HXK0DkYNABigaQq8V

- Tofsee family
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)