General

  • Target

    JaffaCakes118_279ccd16a9d80a66314b62a23cbd239a

  • Size

    34KB

  • Sample

    250125-dhj18ssmc1

  • MD5

    279ccd16a9d80a66314b62a23cbd239a

  • SHA1

    cee65c61b418920c8f54000fe44bfff2f6af7978

  • SHA256

    e0375f90963663238e25c76df5dccfe753f2ee62bb5c73767d7f0745eb29d5b5

  • SHA512

    5b6a85e6bd99c5b8f78b5557b001eddf779e0f8249e18a74f8121799ea583c259d08c2a414a7527fab30f4c103cff9df6be37cad9002cdc407576f0c065adb62

  • SSDEEP

    768:dW0mUuSGqv4DRMFU4MVwu3U9oRBSsIC4nZpbd32:dMdAXf8f4oRBSsR4Zf

Malware Config

Targets

    • Target

      JaffaCakes118_279ccd16a9d80a66314b62a23cbd239a

    • Modifies security service

    • Windows security bypass

    • Blocklisted process makes network request

    • Modifies Shared Task Scheduler registry keys

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15