General
Target: JaffaCakes118_02bcd02ac649b47c88df945125551f16
Size: 224KB
Sample: 250121-hhgy4a1mgv
MD5: 02bcd02ac649b47c88df945125551f16
SHA1: 431a617ff4ff5a5ba599262eec35073fca7f79bd
SHA256: f53ec0d23818613b780d630e985a96cc27f8c15206bca27480fce13f24b134ea
SHA512: 046daf4b9732bbf237b541c4fdc88ed0461e20466712cd5ae5359180c78c497c1c7e980cf2f767d92cc98da8db39a0bed9f049ed216f8b6c86344114708faf40
SSDEEP: 6144:uqvXfDrFUBEUOK6ielBslV35zErFUBEUOK6+:VrV1B0dErVi
Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_02bcd02ac649b47c88df945125551f16.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_02bcd02ac649b47c88df945125551f16.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: JaffaCakes118_02bcd02ac649b47c88df945125551f16
Size: 224KB
MD5: 02bcd02ac649b47c88df945125551f16
SHA1: 431a617ff4ff5a5ba599262eec35073fca7f79bd
SHA256: f53ec0d23818613b780d630e985a96cc27f8c15206bca27480fce13f24b134ea
SHA512: 046daf4b9732bbf237b541c4fdc88ed0461e20466712cd5ae5359180c78c497c1c7e980cf2f767d92cc98da8db39a0bed9f049ed216f8b6c86344114708faf40
SSDEEP: 6144:uqvXfDrFUBEUOK6ielBslV35zErFUBEUOK6+:VrV1B0dErVi
Score: 10/10

Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext