General

  • Target

    JaffaCakes118_036f727a7001a36950c174e97c6a56d1

  • Size

    249KB

  • Sample

    250121-kwg75avqg1

  • MD5

    036f727a7001a36950c174e97c6a56d1

  • SHA1

    f6f711513dd41e66b3524a0483a962f189b78c89

  • SHA256

    d3abee5ea5c536b8c1fa470fd4ef72346dc911391fd71911d86d9fcfbf272bc2

  • SHA512

    eebdcac41f1ee28153cfa87390b1e8a4e123551b1efb2c1f8eb1ec09336c6df8c2d2eef140d15a119a0b305d67c7a2a2e094b4e3e1587ba1beb324d3821ed8bd

  • SSDEEP

    6144:3WxFBPzhADSnh5j6GKcdgLPsKUfyDy3HGgqoE3Pc+JsHw:36PlA0h5NXKPsKwsy3HGX3Pc+qQ

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_036f727a7001a36950c174e97c6a56d1

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read to detect sandbox environments.

    • Drops file in System32 directory
