
General

  • Target: fc751a15219828b9113b4e65e0c297f8_JaffaCakes118
  • Size: 94KB
  • Sample: 240420-lk8rdaec2z
  • MD5: fc751a15219828b9113b4e65e0c297f8
  • SHA1: 80600491c2ec6804a336d7c81360d234ed471fb0
  • SHA256: 774a06ee0917bab638b98728742962cc11d409d5fc4f6ed5194a9c64a5f2cc2d
  • SHA512: 719fd3509d65f05ca797e09733069cca9d33531b441124422db5a4dc61e82b8ef53a51f80a33d143533910a3877c83d8337240dda070277af891b527f21d9016
  • SSDEEP: 1536:wAdSRwm/V4skJaw/Z4Rofy+fRkjTb5TnqY0rKFm070Ck5nGVvTqnqy9RlqGVv1:wyewmN4skJaU4ZBjX5TnqYCKFmlorqqI

Score: 7/10

Malware Config

Targets

    • Target: fc751a15219828b9113b4e65e0c297f8_JaffaCakes118
    • Size: 94KB
    • MD5: fc751a15219828b9113b4e65e0c297f8
    • SHA1: 80600491c2ec6804a336d7c81360d234ed471fb0
    • SHA256: 774a06ee0917bab638b98728742962cc11d409d5fc4f6ed5194a9c64a5f2cc2d
    • SHA512: 719fd3509d65f05ca797e09733069cca9d33531b441124422db5a4dc61e82b8ef53a51f80a33d143533910a3877c83d8337240dda070277af891b527f21d9016
    • SSDEEP: 1536:wAdSRwm/V4skJaw/Z4Rofy+fRkjTb5TnqY0rKFm070Ck5nGVvTqnqy9RlqGVv1:wyewmN4skJaU4ZBjX5TnqYCKFmlorqqI

    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL
    • Unexpected DNS network traffic destination
      Network traffic on the DNS port to servers other than the configured DNS servers was detected.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/StartMenu.dll
    • Size: 6KB
    • MD5: a6978ea99297c941d02d88fa873150d9
    • SHA1: 4e1fd5c2f7291daef4d817b12bc7bfa432a90013
    • SHA256: a5c5012191015659684fc19b5e8ec7d33837b25c607f0f9dbfd46c10b8baeb17
    • SHA512: 8caf697317e6f9e83bbb0ee15a87ec56be3b08aaea9f7fb64fa65dd111bcfde5a8d25c7ef58fa1aa464ba5f9d4e365d9d8d3763cda17b4f3223418adf9a25000
    • SSDEEP: 96:g1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5YnhElMmV4d:4ep2w5k/FyEt2gN

    Score: 3/10

    • Target: Uninstall.exe
    • Size: 50KB
    • MD5: 1c185f9c6a1f965a6396f9f31c6171fe
    • SHA1: 09063d7724a1cd17a3eb4cc228ca3e5cfad8a98b
    • SHA256: f87b53085983c75bf3287763cc547558d2355565b47c640db2959d2ad0273475
    • SHA512: 0ee85caf6c4484c74191180e640cf243a9688e3475ed923be8851d66444c0e2b852feb78b8668dcf469283868dd3ac44666ba879cc1296f80fbee3982598bbf4
    • SSDEEP: 768:cxiph+mxirdR6y5wmp+USVq+U5wR3E9ZJt9GSFS6sWkJv+eJRn5Am6kRRJ2iZ3i0:wAdSRwm/V4skJmqAELVigLilqGVvA

    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: register.exe
    • Size: 35KB
    • MD5: 1d95755ffcfc57da3b9c32ff5fdb6934
    • SHA1: c8a33a7b3394c1b4a0ba04d68b07579d711274b3
    • SHA256: 94779bc3bd7e5a2a284a4839bd3b7a18bb59527d88b1d57b0f547eae67360fcc
    • SHA512: 6d17f5a263699b683232f5f6b3c769a88e7c917e55bfbd89d0b847259340ff86d7e0ba36f3dac27c56a01ea4015b80607bc04b22de4b19aa1dde8af895a1324a
    • SSDEEP: 768:FHaBX1ovfDMSA3yVG0nkrA/W7w2hyXV2tCIa6syM:UM3DMSzVvnkrA/2hyXQAB

    Score: 7/10
    • Deletes itself
    • Unexpected DNS network traffic destination
      Network traffic on the DNS port to servers other than the configured DNS servers was detected.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
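The signatures listed for the targets above (dropped EXE/DLL execution, a write under System32, DNS traffic to a resolver other than the configured one, SetThreadContext on another process, self-deletion) are what a sandbox emits after replaying the API and network trace against a rule set. The $PLUGINSDIR/StartMenu.dll and Uninstall.exe artifacts are the layout an NSIS installer unpacks into its temporary plugin directory (an inference from the path convention, not something the report states), and the second ssdeep chunk of Uninstall.exe begins with the same bytes as the sample's first chunk, which is consistent with both carrying the same installer stub. The script below is an added example written for this page, not tria.ge's signature engine: it replays a constructed trace (PIDs, paths, the `nsq1A2B.tmp` directory and the 10.127.0.1 resolver are invented to mirror the report's artifacts) through one rule per listed signature. It also adds a stricter check that only fires when SetThreadContext is preceded by a suspended CreateProcess and a WriteProcessMemory on the same child and followed by ResumeThread, since SetThreadContext on its own is also issued by legitimate debuggers and runtimes.

```python
"""Replay a constructed sandbox trace against rules that mirror the report's signatures.

Added example for this page; not tria.ge's own signature engine. The event
schema, PIDs, paths and the configured resolver address are assumptions.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x4
SYSTEM32 = "c:\\windows\\system32\\"
CONFIGURED_DNS = {"10.127.0.1"}  # assumed resolver handed to the analysis VM
HOLLOW = "Process hollowing sequence (suspended create, write, SetThreadContext, resume)"

# Constructed trace modelled on the report's artifacts; nothing here is captured data.
TEMP = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nsq1A2B.tmp\\"
SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fc751a15219828b9113b4e65e0c297f8_JaffaCakes118.exe"
DROPPER = TEMP + "register.exe"
EVENTS = [
    {"pid": 1000, "image": SAMPLE, "api": "NtWriteFile", "path": TEMP + "StartMenu.dll"},
    {"pid": 1000, "image": SAMPLE, "api": "LdrLoadDll", "path": TEMP + "StartMenu.dll"},
    {"pid": 1000, "image": SAMPLE, "api": "NtWriteFile", "path": DROPPER},
    {"pid": 1000, "image": SAMPLE, "api": "CreateProcessW", "path": DROPPER, "flags": 0, "child": 1200},
    {"pid": 1200, "image": DROPPER, "api": "NtWriteFile", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"pid": 1200, "image": DROPPER, "api": "CreateProcessW", "path": "C:\\Windows\\System32\\svchost.exe",
     "flags": CREATE_SUSPENDED, "child": 1250},
    {"pid": 1200, "image": DROPPER, "api": "WriteProcessMemory", "target": 1250},
    {"pid": 1200, "image": DROPPER, "api": "SetThreadContext", "target": 1250},
    {"pid": 1200, "image": DROPPER, "api": "ResumeThread", "target": 1250},
    {"pid": 1200, "image": DROPPER, "api": "udp_send", "dst": "10.127.0.1", "dport": 53},
    {"pid": 1200, "image": DROPPER, "api": "udp_send", "dst": "8.8.8.8", "dport": 53},
    {"pid": 1200, "image": DROPPER, "api": "CreateProcessW", "path": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c del "' + DROPPER + '"', "flags": 0, "child": 1300},
]


def run_rules(events, configured_dns=CONFIGURED_DNS):
    """Return {signature name: sorted list of PIDs that triggered it}."""
    hits = defaultdict(set)
    dropped = set()           # lower-cased paths written by a monitored process
    suspended = {}            # child PID -> PID that created it suspended
    steps = defaultdict(set)  # child PID -> hollowing APIs its creator has issued on it
    for ev in events:
        pid, api = ev["pid"], ev["api"]
        path = ev.get("path", "").lower()
        if api == "NtWriteFile":
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits["Drops file in System32 directory"].add(pid)
        elif api == "LdrLoadDll":
            if path in dropped:
                hits["Loads dropped DLL"].add(pid)
        elif api == "CreateProcessW":
            if path in dropped:
                hits["Executes dropped EXE"].add(pid)
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended[ev["child"]] = pid
            # Self-deletion: the spawned command line deletes the spawner's own image.
            cmd = ev.get("cmdline", "").lower()
            if "del " in cmd and ev["image"].lower() in cmd:
                hits["Deletes itself"].add(pid)
        elif api in ("WriteProcessMemory", "SetThreadContext", "ResumeThread"):
            target = ev["target"]
            # The loose rule: any SetThreadContext aimed at a thread outside the caller.
            if api == "SetThreadContext" and target != pid:
                hits["Suspicious use of SetThreadContext"].add(pid)
            # The strict rule: full hollowing sequence from the process that created the child suspended.
            if suspended.get(target) == pid:
                steps[target].add(api)
                if steps[target] >= {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}:
                    hits[HOLLOW].add(pid)
        elif api == "udp_send" and ev.get("dport") == 53 and ev["dst"] not in configured_dns:
            hits["Unexpected DNS network traffic destination"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in run_rules(EVENTS).items():
        print(f"{name}: pids {pids}")
```

Running the script prints one line per signature with the PIDs that triggered it; the DNS rule only makes sense when `CONFIGURED_DNS` holds the resolver actually handed to the VM, and a trace whose only port-53 traffic goes to that resolver produces no DNS hit. Dropping the ResumeThread event keeps the loose SetThreadContext hit but suppresses the hollowing sequence, which is the distinction a triage analyst wants before escalating on this signature.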

MITRE ATT&CK Enterprise v15

Tasks