Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_012f1add9651861103391e8feaafa55d
-
Size
254KB
-
Sample
250121-b2xqbszkfn
-
MD5
012f1add9651861103391e8feaafa55d
-
SHA1
72fb73d28a7919f97b7290f925ebbe768dc0c664
-
SHA256
d214f21cee520f9b71b46485d44bad5979233feb3fedc464be35c05678a95e27
-
SHA512
0aeea89093b56f5e7d2cb0b1e1dc696370dca436a5d24c45220b9cf5d5695cb4000bbebaf19a7f4978d022b3fc2a84122926d80e56b8558cfa4fd8721b5b58a7
-
SSDEEP
6144:kn9Q5Av4QZtYm6rni9AfYVeHlo6cuc74ek1KFAmR:E9Q5c4QZqBrOAfNHlIFk1Kl
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_012f1add9651861103391e8feaafa55d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_012f1add9651861103391e8feaafa55d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_012f1add9651861103391e8feaafa55d
-
Size
254KB
-
MD5
012f1add9651861103391e8feaafa55d
-
SHA1
72fb73d28a7919f97b7290f925ebbe768dc0c664
-
SHA256
d214f21cee520f9b71b46485d44bad5979233feb3fedc464be35c05678a95e27
-
SHA512
0aeea89093b56f5e7d2cb0b1e1dc696370dca436a5d24c45220b9cf5d5695cb4000bbebaf19a7f4978d022b3fc2a84122926d80e56b8558cfa4fd8721b5b58a7
-
SSDEEP
6144:kn9Q5Av4QZtYm6rni9AfYVeHlo6cuc74ek1KFAmR:E9Q5c4QZqBrOAfNHlIFk1Kl
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-