General

  • Target

    JaffaCakes118_007f1600b0a0777c591f415db8ec29a3

  • Size

    526KB

  • Sample

    250120-2xnjzatnaw

  • MD5

    007f1600b0a0777c591f415db8ec29a3

  • SHA1

    76bc884c55c46fa51b804dfc5f6d5a0a2135b9a2

  • SHA256

    cb7c957512e28316854bf79037d88cdd7e349f43340d80ba53668e7974a4cb82

  • SHA512

    b2656f206e161888fe3f798bf757ab6cd95b49424da6219d70ae866e1db52f3f826bb5c647a510b4c9e78d1bc2db05e67b40763b04ffdf3a8818fed1e04bddc4

  • SSDEEP

    12288:SHN3d5HDR40EFZjLDLuluC89Ew5nph2rxxnew80aEL1c0nb4auvhGzY:SHv5jRfEnXiuB9cDeCaERh4a98

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
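The config extractor names the encoder, not a Metasploit version: `x86/call4_dword_xor` wraps the payload in a 24-byte decoder stub that finds its own address with `call $+4`, then XORs the following dwords with a constant 4-byte key embedded at stub offset 15. Because the loop counter is loaded with `sub ecx, imm8` (sign-extended), the stub can describe at most 128 dwords, i.e. 512 bytes of encoded payload. The following Python is an added example, not Triage output and not Metasploit's own code; it re-implements that scheme from the stub bytes so an analyst can locate the stub in a dumped section and recover the plaintext payload. The sample blob it operates on is constructed for the example and is not taken from the analysed file.

```python
"""Locate and strip Metasploit x86/call4_dword_xor stubs (added example)."""
import re
import struct

# Stub layout emitted by the encoder. Byte 4 is -(block count) as a signed
# imm8; bytes 15..18 are the little-endian XOR key.
STUB_HEAD = b"\x29\xc9\x83\xe9"                          # sub ecx,ecx ; sub ecx, imm8
STUB_MID  = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"  # call $+4 ; (ff c0 = inc eax) ; pop esi ; xor [esi+0xe], imm32
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"                      # sub esi,-4 ; loop
STUB_LEN  = len(STUB_HEAD) + 1 + len(STUB_MID) + 4 + len(STUB_TAIL)  # 24 bytes
STUB_RE   = re.compile(re.escape(STUB_HEAD) + b"(.)" + re.escape(STUB_MID)
                       + b"(.{4})" + re.escape(STUB_TAIL), re.DOTALL)


def encode_call4(payload: bytes, key: int) -> bytes:
    """Pad to whole dwords, XOR every dword with key, prepend the stub."""
    if len(payload) % 4:
        payload = payload + b"\x00" * (4 - len(payload) % 4)
    count = len(payload) // 4
    if not 1 <= count <= 128:  # -count must fit the sign-extended imm8
        raise ValueError("payload must be 4..512 bytes after padding")
    body = b"".join(struct.pack("<I", d ^ key)
                    for (d,) in struct.iter_unpack("<I", payload))
    stub = (STUB_HEAD + bytes([(-count) & 0xFF]) + STUB_MID
            + struct.pack("<I", key) + STUB_TAIL)
    return stub + body


def find_stubs(blob: bytes):
    """Return (offset, block_count, key) for every plausible stub in blob."""
    found = []
    for m in STUB_RE.finditer(blob):
        count = -struct.unpack("<b", m.group(1))[0]  # imm8 holds -(count)
        if count <= 0:                               # not a real counter load
            continue
        key = struct.unpack("<I", m.group(2))[0]
        found.append((m.start(), count, key))
    return found


def decode_call4(blob: bytes, offset: int) -> bytes:
    """Decode the payload behind the stub at offset; padding bytes are kept."""
    m = STUB_RE.match(blob, offset)
    if not m:
        raise ValueError("no call4_dword_xor stub at offset %#x" % offset)
    count = -struct.unpack("<b", m.group(1))[0]
    key = struct.unpack("<I", m.group(2))[0]
    start = offset + STUB_LEN  # esi = ret addr (offset+10), first xor hits esi+0xe
    body = blob[start:start + 4 * count]
    if len(body) != 4 * count:
        raise ValueError("blob truncated: stub promises %d dwords" % count)
    return b"".join(struct.pack("<I", d ^ key)
                    for (d,) in struct.iter_unpack("<I", body))


# Constructed sample: marker bytes wrapped in junk, not data from the analysed file.
SAMPLE_PAYLOAD = b"\x90" * 6 + b"PAYLOAD!"   # 14 bytes -> padded to 4 dwords
SAMPLE_KEY = 0xDEADBEEF
SAMPLE_BLOB = (b"MZ" + b"\x00" * 30
               + encode_call4(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\xcc" * 8)

if __name__ == "__main__":
    for off, count, key in find_stubs(SAMPLE_BLOB):
        print("stub @ %#x: %d dwords, key %#010x -> %r"
              % (off, count, key, decode_call4(SAMPLE_BLOB, off)))
```

Feed `find_stubs` the raw bytes of a dumped section or the whole file; a hit gives you the key and length for free, and `decode_call4` yields the unencoded stage, which is what any further signature matching should run on. The stub regex is exact, so a hand-modified stub (different register, different scratch instruction after the `call`) will not match and needs its own pattern.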

Targets

    • Target

      JaffaCakes118_007f1600b0a0777c591f415db8ec29a3

    • Size

      526KB

    • MD5

      007f1600b0a0777c591f415db8ec29a3

    • SHA1

      76bc884c55c46fa51b804dfc5f6d5a0a2135b9a2

    • SHA256

      cb7c957512e28316854bf79037d88cdd7e349f43340d80ba53668e7974a4cb82

    • SHA512

      b2656f206e161888fe3f798bf757ab6cd95b49424da6219d70ae866e1db52f3f826bb5c647a510b4c9e78d1bc2db05e67b40763b04ffdf3a8818fed1e04bddc4

    • SSDEEP

      12288:SHN3d5HDR40EFZjLDLuluC89Ew5nph2rxxnew80aEL1c0nb4auvhGzY:SHv5jRfEnXiuB9cDeCaERh4a98

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Metasploit family

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems. Some sandboxes are built on it, so a sample that probes for Wine is checking whether it is being analysed.

    • Loads dropped DLL

    • Drops file in System32 directory
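The Wine check above is a registry probe: Wine creates HKEY_CURRENT_USER\Software\Wine (and HKEY_LOCAL_MACHINE\Software\Wine), keys that do not exist on a real Windows install, so a sample opens them and branches on the result. The following Python is an added example, not Triage's signature logic; it flags such probes in a registry API trace. The trace line format (`<api> <key> -> <result>`) and the lines in it are constructed for the example.

```python
"""Flag Wine-presence registry probes in a sandbox API trace (added example)."""
import re
from typing import List, Tuple

# Wine-specific hives under HKCU/HKLM, with a path boundary so that
# e.g. "Software\Winelab" does not match.
WINE_KEY_RE = re.compile(
    r"^HK(?:EY_)?(?:CU|CURRENT_USER|LM|LOCAL_MACHINE)\\Software\\Wine(?:\\|$)",
    re.IGNORECASE)

# Constructed trace format: "<api> <key path> -> <result>".
TRACE_LINE_RE = re.compile(r"^(?P<api>Reg\w+)\s+(?P<key>\S+)\s+->\s+(?P<result>\S+)$")


def find_wine_checks(lines: List[str]) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, api, key, result) for every registry call touching Wine keys."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = TRACE_LINE_RE.match(line.strip())
        if not m:
            continue
        if WINE_KEY_RE.match(m["key"]):
            hits.append((n, m["api"], m["key"], m["result"]))
    return hits


# Constructed trace: one benign Run-key lookup, two Wine probes, one near-miss.
SAMPLE_TRACE = [
    r"RegOpenKeyExW HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run -> SUCCESS",
    r"RegOpenKeyExW HKEY_CURRENT_USER\Software\Wine -> ERROR_FILE_NOT_FOUND",
    r"RegQueryValueExW HKEY_CURRENT_USER\Software\Wine\Version -> ERROR_FILE_NOT_FOUND",
    r"RegOpenKeyExW HKEY_LOCAL_MACHINE\Software\Winelab -> ERROR_FILE_NOT_FOUND",
]

if __name__ == "__main__":
    for n, api, key, result in find_wine_checks(SAMPLE_TRACE):
        print("line %d: %s on %s (%s) looks like a Wine check" % (n, api, key, result))
```

On a genuine Windows host the probe returns ERROR_FILE_NOT_FOUND, which is exactly the answer the sample wants before it continues; the interesting signal is the access itself, not its result, so the function reports every touch regardless of outcome.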

MITRE ATT&CK Enterprise v15

Tasks