General

  • Target

    JaffaCakes118_f9f3468705375294fe0e98dae9f37225

  • Size

    7.9MB

  • Sample

    250111-hkwv2azjdy

  • MD5

    f9f3468705375294fe0e98dae9f37225

  • SHA1

    4b9dabacf25c95f1c0879bf3c93275e42d3e2aad

  • SHA256

    8f40d4671e157a13e50d7194870918d95945cc338f867d22a0c23d879b568b7d

  • SHA512

    580d5e1ad881865b804cfee4bb7fc1ba37e56b6328eb64c18ac1f44f733a6054703415455e15f9de16948e76a764b77ec21cc882bec04611745865fccef48762

  • SSDEEP

    196608:87azg7DSm7azg7DSm7azg7DSm7azg7DSN:Xg7utg7utg7utg7uN

Malware Config

Targets

    • Target

      JaffaCakes118_f9f3468705375294fe0e98dae9f37225

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (execution gated on the victim machine's configured locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
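The five signature hits above are behavioural, not static: each one is a pattern over the events the sandbox recorded (registry reads, file writes, process creation, image loads, API calls). The following is an added example, not tria.ge's own signature engine or schema, showing how such hits can be re-derived from a sandbox-style event stream. The event format, the sample events, the process IDs and file paths are all constructed for illustration; the registry locations used for the locale check (HKCU\Control Panel\International\Geo\Nation and sCountry) and the Run keys are assumptions about what the real signatures key on, since the report does not list them.

```python
# Added example (not from the tria.ge report): a minimal behavioural matcher
# that re-derives the report's signature hits from constructed sandbox-style
# event records. Event schema, paths, PIDs and registry locations below are
# assumptions for illustration, not tria.ge's actual schema or rule set.
from dataclasses import dataclass
from typing import Iterable

# Autostart locations: a value written under one of these is persistence.
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Registry values that hold the configured country (assumed geofence source).
GEO_KEYS = (
    r"HKCU\Control Panel\International\Geo\Nation",
    r"HKCU\Control Panel\International\sCountry",
)


@dataclass
class Event:
    kind: str      # file_write | process_create | image_load | reg_read | reg_write | api_call
    pid: int       # process that performed the action
    target: str    # file path, registry value path, or API name
    extra: str = ""  # data written, child pid, or pid of the remote process


def analyse(events: Iterable[Event]) -> dict[str, list[str]]:
    """Return {signature name: [details]} for the patterns seen in `events`."""
    dropped: set[str] = set()          # files the sample itself wrote
    hits: dict[str, list[str]] = {}

    def hit(name: str, detail: str) -> None:
        hits.setdefault(name, []).append(detail)

    for ev in events:
        t = ev.target.lower()
        if ev.kind == "file_write":
            # Anything the sample writes is a "dropped" artifact from now on.
            dropped.add(t)
        elif ev.kind == "process_create" and t in dropped:
            hit("Executes dropped EXE", ev.target)
        elif ev.kind == "image_load" and t in dropped and t.endswith(".dll"):
            hit("Loads dropped DLL", ev.target)
        elif ev.kind == "reg_read" and t in (k.lower() for k in GEO_KEYS):
            hit("Checks computer location settings", ev.target)
        elif ev.kind == "reg_write" and any(t.startswith(k.lower() + "\\") for k in RUN_KEYS):
            hit("Adds Run key to start application", f"{ev.target} = {ev.extra}")
        elif ev.kind == "api_call" and t == "setthreadcontext":
            # Only flag when the context is set in another process: that is the
            # process-hollowing / injection pattern, not ordinary self-use.
            if ev.extra and ev.extra != f"pid {ev.pid}":
                hit("Suspicious use of SetThreadContext", f"pid {ev.pid} -> {ev.extra}")
    return hits


# Constructed event stream that reproduces the report's five signatures.
SAMPLE_EVENTS = [
    Event("reg_read", 1000, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file_write", 1000, r"C:\Users\Admin\AppData\Local\Temp\svc.exe"),
    Event("file_write", 1000, r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    Event("process_create", 1000, r"C:\Users\Admin\AppData\Local\Temp\svc.exe", "pid 1200"),
    Event("image_load", 1200, r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    Event("reg_write", 1200, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
          r"C:\Users\Admin\AppData\Local\Temp\svc.exe"),
    Event("process_create", 1200, r"C:\Windows\System32\notepad.exe", "pid 1300 suspended"),
    Event("api_call", 1200, "SetThreadContext", "pid 1300"),
]


def report() -> dict[str, list[str]]:
    return analyse(SAMPLE_EVENTS)


if __name__ == "__main__":
    for name, details in report().items():
        print(name)
        for d in details:
            print("   ", d)
```

The matcher is deliberately stateful: "dropped" only means something relative to what the sample wrote earlier in the same run, which is why the `file_write` events must be processed in order before the `process_create` and `image_load` events that reference them. A real rule set would also exclude legitimate self-targeted SetThreadContext use and benign Run-key writes by signed installers, so treat each hit as a lead, not a verdict.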

MITRE ATT&CK Enterprise v15

Tasks