General
  Target: fc751a15219828b9113b4e65e0c297f8_JaffaCakes118
  Size: 94KB
  Sample: 240420-lk8rdaec2z
  MD5: fc751a15219828b9113b4e65e0c297f8
  SHA1: 80600491c2ec6804a336d7c81360d234ed471fb0
  SHA256: 774a06ee0917bab638b98728742962cc11d409d5fc4f6ed5194a9c64a5f2cc2d
  SHA512: 719fd3509d65f05ca797e09733069cca9d33531b441124422db5a4dc61e82b8ef53a51f80a33d143533910a3877c83d8337240dda070277af891b527f21d9016
  SSDEEP: 1536:wAdSRwm/V4skJaw/Z4Rofy+fRkjTb5TnqY0rKFm070Ck5nGVvTqnqy9RlqGVv1:wyewmN4skJaU4ZBjX5TnqYCKFmlorqqI

Static task
  static1

Behavioral tasks
  behavioral1: fc751a15219828b9113b4e65e0c297f8_JaffaCakes118.exe on win7-20240221-en
  behavioral2: fc751a15219828b9113b4e65e0c297f8_JaffaCakes118.exe on win10v2004-20240226-en
  behavioral3: $PLUGINSDIR/StartMenu.dll on win7-20240221-en
  behavioral4: $PLUGINSDIR/StartMenu.dll on win10v2004-20240412-en
  behavioral5: Uninstall.exe on win7-20240221-en
  behavioral6: Uninstall.exe on win10v2004-20240226-en
  behavioral7: register.exe on win7-20240221-en
  behavioral8: register.exe on win10v2004-20240412-en

Malware Config: (no entries)

Targets

Target: fc751a15219828b9113b4e65e0c297f8_JaffaCakes118
  Size: 94KB
  MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General above
  Score: 7/10
  Signatures:
    Executes dropped EXE
    Loads dropped DLL
    Unexpected DNS network traffic destination
      Network traffic to other servers than the configured DNS servers was detected on the DNS port.
    Drops file in System32 directory
    Suspicious use of SetThreadContext

Target: $PLUGINSDIR/StartMenu.dll
  Size: 6KB
  MD5: a6978ea99297c941d02d88fa873150d9
  SHA1: 4e1fd5c2f7291daef4d817b12bc7bfa432a90013
  SHA256: a5c5012191015659684fc19b5e8ec7d33837b25c607f0f9dbfd46c10b8baeb17
  SHA512: 8caf697317e6f9e83bbb0ee15a87ec56be3b08aaea9f7fb64fa65dd111bcfde5a8d25c7ef58fa1aa464ba5f9d4e365d9d8d3763cda17b4f3223418adf9a25000
  SSDEEP: 96:g1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5YnhElMmV4d:4ep2w5k/FyEt2gN
  Score: 3/10
  Signatures: none

Target: Uninstall.exe
  Size: 50KB
  MD5: 1c185f9c6a1f965a6396f9f31c6171fe
  SHA1: 09063d7724a1cd17a3eb4cc228ca3e5cfad8a98b
  SHA256: f87b53085983c75bf3287763cc547558d2355565b47c640db2959d2ad0273475
  SHA512: 0ee85caf6c4484c74191180e640cf243a9688e3475ed923be8851d66444c0e2b852feb78b8668dcf469283868dd3ac44666ba879cc1296f80fbee3982598bbf4
  SSDEEP: 768:cxiph+mxirdR6y5wmp+USVq+U5wR3E9ZJt9GSFS6sWkJv+eJRn5Am6kRRJ2iZ3i0:wAdSRwm/V4skJmqAELVigLilqGVvA
  Score: 7/10
  Signatures:
    Executes dropped EXE
    Loads dropped DLL

Target: register.exe
  Size: 35KB
  MD5: 1d95755ffcfc57da3b9c32ff5fdb6934
  SHA1: c8a33a7b3394c1b4a0ba04d68b07579d711274b3
  SHA256: 94779bc3bd7e5a2a284a4839bd3b7a18bb59527d88b1d57b0f547eae67360fcc
  SHA512: 6d17f5a263699b683232f5f6b3c769a88e7c917e55bfbd89d0b847259340ff86d7e0ba36f3dac27c56a01ea4015b80607bc04b22de4b19aa1dde8af895a1324a
  SSDEEP: 768:FHaBX1ovfDMSA3yVG0nkrA/W7w2hyXV2tCIa6syM:UM3DMSzVvnkrA/2hyXQAB
  Score: 7/10
  Signatures:
    Deletes itself
    Unexpected DNS network traffic destination
      Network traffic to other servers than the configured DNS servers was detected on the DNS port.
    Drops file in System32 directory
    Suspicious use of SetThreadContext