General

  • Target: JaffaCakes118_0107b66daa6a5701c8106fa64a64a0b6
  • Size: 220KB
  • Sample: 250121-bb5cgsyjet
  • MD5: 0107b66daa6a5701c8106fa64a64a0b6
  • SHA1: 840baf4942159321585d04d746f9fead4145f408
  • SHA256: 553dbf65f6048f3a28ef6e4c9afd9a21de96663919df11aeeb860a3fec0a73e5
  • SHA512: 744028c58d259321332ef2a2728912f1046e823d93bc9ba106181657daa302f4bceea99a1148026ae9c7ad1880a3b6863268b3a38f70d8a417ecce6c04d77bf5
  • SSDEEP: 3072:j+TWb4ml9VkHpq2zRsvhac4fSZl9lETSZZUF8sqQcD+m5HG55LD0Kuh7f:yY6Psh5vlEmqPqLDZm55Ez

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/shell_reverse_tcp
  • C2: 122.168.206.28:4957

Targets

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
